Someone please help by reviewing the following logs and notes and providing fixes. I've run, in the following order, Malwarebytes, Superantispyware, Vundo Fix 7.0.6 (no infections reported), CCleaner (programs & registry cleaned), TrendMicro's HouseCall 6.5, AVG Pro, Windows Defender & ended with HiJackThis.

*********************************
*********************************
*********************************

Malwarebytes' Anti-Malware 1.31
Database version: 1479
Windows 5.1.2600 Service Pack 3

12/10/2008 3:48:35 AM
mbam-log-2008-12-10 (03-48-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 138579
Time elapsed: 1 hour(s), 6 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 48
Registry Values Infected: 8
Registry Data Items Infected: 20
Folders Infected: 8
Files Infected: 67

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ljJBTmJb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\glsgpo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vtUkigGW.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9eab4780-4cb4-4c30-b5d8-9995460027cc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9eab4780-4cb4-4c30-b5d8-9995460027cc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4f175ab-ac77-4138-bc1b-60aa51e0dd00} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b4f175ab-ac77-4138-bc1b-60aa51e0dd00} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d28cfe58-12a1-4bd1-8af8-a4a6e7389857} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtukiggw (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d28cfe58-12a1-4bd1-8af8-a4a6e7389857} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wav6com.avofficeprotect (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wav6com.avofficeprotect.1 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{EE8A3F7B-E4AB-5C41-4926-3FAED82759F5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{030a0f33-5b99-482e-83f5-2eeb8457878b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{096cba44-4a4c-49f7-8903-1e75550abcb7} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9eab4780-4cb4-4c30-b5d8-9995460027cc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d28cfe58-12a1-4bd1-8af8-a4a6e7389857} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4f175ab-ac77-4138-bc1b-60aa51e0dd00} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ViRsLab (Rogue.AVLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\virslabwarning.warningbho (Rogue.AVLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\virslabwarning.warningbho.1 (Rogue.AVLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virustriggerbin (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UAV (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\WinPGI.DLL (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fopn (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b394226-862f-4aa4-aa53-988e24f50841} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b394226-862f-4aa4-aa53-988e24f50841} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\virustriggerbin (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d28cfe58-12a1-4bd1-8af8-a4a6e7389857} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\QuickTime Task (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjbtmjb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdklp.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjbtmjb -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ab16946-28db-48c6-a787-e6bdda9d26a6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.203,85.255.112.227 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9ab16946-28db-48c6-a787-e6bdda9d26a6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.203,85.255.112.227 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9ab16946-28db-48c6-a787-e6bdda9d26a6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.203,85.255.112.227 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9ab16946-28db-48c6-a787-e6bdda9d26a6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.203,85.255.112.227 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\ViRsLab (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
C:\Program Files\VirusTriggerBin (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\UAV (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\675873 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\glsgpo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ljJBTmJb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bJmTBJjl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bJmTBJjl.ini2 (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vtUkigGW.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hfsqdgcr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rcgdqsfh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hkfyakqr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqkayfkh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kvapqabk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbaqpavk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwbxqerq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qreqxbwp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rylsesjn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\njseslyr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thpmvrmi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imrvmpht.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ysbykkgs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sgkkybsy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdklp.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\675873\675873.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\Local Settings\Temp\xrg3.exe (Zlob.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\Local Settings\Temporary Internet Files\Content.IE5\9CCJ373D\index[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\Local Settings\Temporary Internet Files\Content.IE5\AR6F7HXB\zc113432[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\Local Settings\Temporary Internet Files\Content.IE5\KPXSQNA4\kb435[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\ViRsLab\ViRsLab.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\UAV\UAV.cpl (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tujidf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jktnsatg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nrcksgeu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svuvoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cppvgjbo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXNfGXP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\srhatuql.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xatygg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aycpjovl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rkbrewtx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xwnfxr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zaiszv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\512686\512686.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\UAV\uav.ooo (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\UAV\UAV1.dat (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\UAV\Uninstall.exe (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\algg.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-12B.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-145.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-2E5.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-4C7.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-5B7.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-ADB.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-BAF.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kate\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

*********************************
*********************************
*********************************

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/10/2008 at 05:53 AM

Application Version : 4.23.1006

Core Rules Database Version : 3661
Trace Rules Database Version: 1641

Scan type : Complete Scan
Total Scan Time : 00:46:44

Memory items scanned : 364
Memory threats detected : 0
Registry items scanned : 5752
Registry threats detected : 178
File items scanned : 23970
File threats detected : 261

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}#AppID
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\InprocServer32
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\InprocServer32#ThreadingModel
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\ProgID
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\Programmable
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\TypeLib
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\VersionIndependentProgID
HKCR\MPAgent.Agent.1
HKCR\MPAgent.Agent.1\CLSID
HKCR\MPAgent.Agent
HKCR\MPAgent.Agent\CLSID
HKCR\MPAgent.Agent\CurVer
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\0
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\0\win32
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\FLAGS
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\HELPDIR
C:\WINDOWS\SYSTEM32\AGENT.DLL
HKCR\Interface\{9A395C6C-E42E-4777-B8EF-FDDEB705F3FB}
HKCR\Interface\{9A395C6C-E42E-4777-B8EF-FDDEB705F3FB}\ProxyStubClsid
HKCR\Interface\{9A395C6C-E42E-4777-B8EF-FDDEB705F3FB}\ProxyStubClsid32
HKCR\Interface\{9A395C6C-E42E-4777-B8EF-FDDEB705F3FB}\TypeLib
HKCR\Interface\{9A395C6C-E42E-4777-B8EF-FDDEB705F3FB}\TypeLib#Version

Adware.Vundo/Variant-Greek
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8e9d480-7afe-46a6-8842-8e28c2780b8a}
HKCR\CLSID\{C8E9D480-7AFE-46A6-8842-8E28C2780B8A}
HKCR\CLSID\{C8E9D480-7AFE-46A6-8842-8E28C2780B8A}\InprocServer32
HKCR\CLSID\{C8E9D480-7AFE-46A6-8842-8E28C2780B8A}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\YSUFAS.DLL
HKU\S-1-5-21-3790069800-1861481508-2378180336-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C8E9D480-7AFE-46A6-8842-8E28C2780B8A}
C:\WINDOWS\SYSTEM32\ABDLBOWJ.DLL
C:\WINDOWS\SYSTEM32\ACOKESVW.DLL
C:\WINDOWS\SYSTEM32\BBCTENST.DLL
C:\WINDOWS\SYSTEM32\CTHMWSCB.DLL
C:\WINDOWS\SYSTEM32\EGLVOE.DLL
C:\WINDOWS\SYSTEM32\EYDFAZ.DLL
C:\WINDOWS\SYSTEM32\HAYROHHG.DLL
C:\WINDOWS\SYSTEM32\HEPHRHFN.DLL
C:\WINDOWS\SYSTEM32\IHCLIRET.DLL
C:\WINDOWS\SYSTEM32\IMZBFS.DLL
C:\WINDOWS\SYSTEM32\JMJIVM.DLL
C:\WINDOWS\SYSTEM32\JUUBMC.DLL
C:\WINDOWS\SYSTEM32\KOKSMYDF.DLL
C:\WINDOWS\SYSTEM32\LCQVQBGA.DLL
C:\WINDOWS\SYSTEM32\MDKSTF.DLL
C:\WINDOWS\SYSTEM32\NEGVLXQW.DLL
C:\WINDOWS\SYSTEM32\PAHOHFJQ.DLL
C:\WINDOWS\SYSTEM32\SWOBJN.DLL
C:\WINDOWS\SYSTEM32\UDZBHF.DLL
C:\WINDOWS\SYSTEM32\WNLQXF.DLL

Trojan.Media-Codec
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{192C5B4A-3EFD-40C7-9F99-C472DEB8EFC0}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF}
HKU\S-1-5-21-3790069800-1861481508-2378180336-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{192C5B4A-3EFD-40C7-9F99-C472DEB8EFC0}
HKU\S-1-5-21-3790069800-1861481508-2378180336-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{192C5B4A-3EFD-40C7-9F99-C472DEB8EFC0}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF}
HKCR\CodecsSoftwarePackage.chl
HKCR\CodecsSoftwarePackage.chl\CLSID
C:\Program Files\QualityCodec\uninst.exe
C:\Program Files\QualityCodec

Rogue.VirusResponseLab2009
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B394226-862F-4AA4-AA53-988E24F50841}
HKU\S-1-5-21-3790069800-1861481508-2378180336-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B394226-862F-4AA4-AA53-988E24F50841}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B394226-862F-4AA4-AA53-988E24F50841}

Rootkit.NDisProt/Fake
HKLM\System\ControlSet001\Services\Ndisprot
C:\WINDOWS\SYSTEM32\DRIVERS\NDISPROT.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_Ndisprot
HKLM\System\ControlSet002\Services\Ndisprot
HKLM\System\ControlSet002\Enum\Root\LEGACY_Ndisprot
HKLM\System\CurrentControlSet\Services\Ndisprot
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_Ndisprot

Adware.Tracking Cookie
C:\Documents and Settings\Kate\Cookies\kate@doubleclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[2].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[1].txt
Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] stats1.clicktracks.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] stats1.clicktracks.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .crossmediaservices.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .stats.crossmediaservices.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .ehg-verizon.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .ehg-verizon.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .ehg-verizon.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .ehg-verizon.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .ad.yieldmanager.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .ad.yieldmanager.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .ad.yieldmanager.com [ C:\Documents and Settings\Shamba\Application 
Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .householdaccount.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .metacafe.122.2o7.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] counter.hitslink.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .apmebf.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .apmebf.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .nba.112.2o7.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .media-bucket.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] server.iad.liveperson.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .ehg-myspaceinc.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .ehg-myspaceinc.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .windowsmedia.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .ehg-equifax.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .msnportal.112.2o7.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .collective-media.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] citi.bridgetrack.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] 
citi.bridgetrack.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .ehg-tigerdirect2.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .ehg-sharpelectronic.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .thefind.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .thefind.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .thefind.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] img.thefind.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] silo.thefind.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .marketlive.122.2o7.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] sales.liveperson.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .vidego.multicastmedia.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .vidego.multicastmedia.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] sales.liveperson.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .10click.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .10click.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .10click.com [ C:\Documents and Settings\Shamba\Application 
Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] sales.liveperson.net [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .ehg-lgusa.hitbox.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] .dynamicsitestats.com [ C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt ] C:\Documents and Settings\Shamba\Cookies\shamba@mediaplex[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@tracker.tbkresources[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@2o7[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@realmedia[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@hg1.hitbox[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@questionmarket[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@anad.tacoda[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@anat.tacoda[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@specificclick[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@tacoda[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@hitbox[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@casalemedia[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@ad.yieldmanager[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@ads.jpgmag[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@fastclick[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@revsci[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@clicksor[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@kontera[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@adlegend[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@ads.adbrite[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@easyadservice[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@trafficmp[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@msnportal.112.2o7[1].txt C:\Documents and 
Settings\Shamba\Cookies\shamba@revenue[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@test.coremetrics[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@citi.bridgetrack[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@adserver.sassybella[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@ads.pointroll[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@brightcove.112.2o7[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@ehg-dig.hitbox[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@media.adrevolver[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@tribalfusion[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@media.adrevolver[3].txt C:\Documents and Settings\Shamba\Cookies\shamba@www.googleadservices[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@www.burstnet[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@iacas.adbureau[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@serving-sys[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@adbrite[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@ehg-providianbankcorpservices.hitbox[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@precisionclick[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@adrevolver[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@atdmt[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@burstnet[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@collective-media[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@zedo[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@adopt.euroclick[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@jkearn.freestats[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@3.adbrite[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@4.adbrite[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@adopt.specificclick[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@ads.revsci[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@advertising[1].txt 
C:\Documents and Settings\Shamba\Cookies\shamba@apmebf[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@atwola[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@bs.serving-sys[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@doubleclick[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@data.coremetrics[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@ehg-verizon.hitbox[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@imrworldwide[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@insightexpressai[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@media6degrees[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@porn.iwantanewgirlfriend[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@server.iad.liveperson[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@server.iad.liveperson[3].txt C:\Documents and Settings\Shamba\Cookies\shamba@sexreactor[2].txt C:\Documents and Settings\Shamba\Cookies\shamba@statcounter[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@statse.webtrendslive[1].txt C:\Documents and Settings\Shamba\Cookies\shamba@winantivirus[1].txt Adware.MovieLand/MediaPipe HKCR\AppId\AMNotifier.EXE HKCR\AppId\AMNotifier.EXE#AppID HKCR\AppId\MPAgent.DLL HKCR\AppId\MPAgent.DLL#AppID HKCR\AMNotifier.HUBAWindow HKCR\AMNotifier.HUBAWindow\CLSID HKCR\AMNotifier.HUBAWindow\CurVer HKCR\AMNotifier.HUBAWindow.1 HKCR\AMNotifier.HUBAWindow.1\CLSID HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A} HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}#AppID HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\LocalServer32 HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\ProgID HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\Programmable HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\TypeLib HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\VersionIndependentProgID HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE} HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0 
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\0
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\0\win32
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\FLAGS
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\HELPDIR
C:\Program Files\moviepass Terms.html
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}\ProxyStubClsid
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}\ProxyStubClsid32
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}\TypeLib
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}\TypeLib#Version

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000\Control
HKLM\SYSTEM\CurrentControlSet\Services\vspf
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Type
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Start
HKLM\SYSTEM\CurrentControlSet\Services\vspf#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Tag
HKLM\SYSTEM\CurrentControlSet\Services\vspf#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\vspf#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Group
HKLM\SYSTEM\CurrentControlSet\Services\vspf#DependOnService
HKLM\SYSTEM\CurrentControlSet\Services\vspf#DependOnGroup
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#INITSTARTFAILED
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Type
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Start
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Tag
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Group
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#INITSTARTFAILED
HKLM\SYSTEM\CurrentControlSet\Services\FWSvc
HKLM\SYSTEM\CurrentControlSet\Services\FWSvc#Type
HKLM\SYSTEM\CurrentControlSet\Services\FWSvc#Start
HKLM\SYSTEM\CurrentControlSet\Services\FWSvc#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\FWSvc#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\FWSvc#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\FWSvc#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\FWSvc\Security
HKLM\SYSTEM\CurrentControlSet\Services\FWSvc\Security#Security
C:\WINDOWS\system32\av.cpl

Malware.VirusBurst
C:\Program Files\VirusBursters\blacklist.txt
C:\Program Files\VirusBursters\ignored.lst
C:\Program Files\VirusBursters\Lang\English.ini
C:\Program Files\VirusBursters\Lang
C:\Program Files\VirusBursters\Logs
C:\Program Files\VirusBursters\Quarantine\archive 12.11.2006 20-53-00.dat
C:\Program Files\VirusBursters\Quarantine\archive 12.11.2006 20-53-00.inf
C:\Program Files\VirusBursters\Quarantine
C:\Program Files\VirusBursters\vir.dat
C:\Program Files\VirusBursters\virusburster.ini
C:\Program Files\VirusBursters\VirusBursters.url
C:\Program Files\VirusBursters

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\MS Juan
HKLM\SOFTWARE\Microsoft\MS Juan#RID
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\cccleaner
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\cccleaner#LU
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\cccleaner#CT
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\cccleaner#LT
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#LBL
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#MN
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CNT
HKLM\SOFTWARE\Microsoft\MS Track System
HKLM\SOFTWARE\Microsoft\MS Track System#Uid

Rogue.Component/Trace
HKLM\Software\Microsoft\54D77472
HKLM\Software\Microsoft\54D77472#54d77472
HKLM\Software\Microsoft\54D77472#Version
HKLM\Software\Microsoft\54D77472#54d7d9f2
HKLM\Software\Microsoft\54D77472#54d7b017

Malware.SpywareQuake
C:\DOCUMENTS AND SETTINGS\KATE\LOCAL SETTINGS\TEMP\~NSU.TMP\AU_.EXE

*********************************
*********************************
*********************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:40 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Kate\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdklp.exe] C:\WINDOWS\system32\kdklp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Free Internet Eraser] C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140273995820
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O20 - AppInit_DLLs: ysufas.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

-- End of file - 5863 bytes

**********************************************
**********************************************
**********************************************

VundoFix reported that no infections were found.

**********************************************
**********************************************
**********************************************

TrendMicro's Housecall 6.5 found the following items:
1. Detected MalWare: Mal_Otorun2 (1 infections)
2. Detected MalWare: TROJ_WIMAD.AZ (1 infections)
3. Detected Grayware/Spyware: ADWARE_WEIRDONTHEWEB (3 Infections)
4. Detected Grayware/Spyware: ADWARE_SOFTOMATE (1 Infections)

Housecall was unable to remove 1. and one of the grayware/spywares (pdf creator failed to capture this section).

**********************************************
**********************************************
**********************************************

AVG Pro Whole Computer Scan
---------------------------
"Scan ""Scan whole computer"" was finished."
"Infections found:";"0"
"Infected objects removed or healed:";"0"
"Not removed or healed:";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"35"
"Information count:";"0"
"Scan started:";"Wednesday, December 10, 2008, 9:14:43 AM"
"Scan finished:";"Wednesday, December 10, 2008, 11:25:36 AM (2 hour(s) 10 minute(s) 52 second(s))"
"Total object scanned:";"716552"
"User who launched the scan:";"Kate"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Kate\Cookies\kate@2o7[2].txt";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@2o7[2].txt:\2o7.net.2e368e64";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@ad.yieldmanager[1].txt";"Found Tracking cookie.Yieldmanager";"Deleted"
"C:\Documents and Settings\Kate\Cookies\kate@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Deleted"
"C:\Documents and Settings\Kate\Cookies\kate@ad.yieldmanager[1].txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Deleted"
"C:\Documents and Settings\Kate\Cookies\kate@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Deleted"
"C:\Documents and Settings\Kate\Cookies\kate@ad.yieldmanager[1].txt:\ad.yieldmanager.com.e762f029";"Found Tracking cookie.Yieldmanager";"Deleted"
"C:\Documents and Settings\Kate\Cookies\kate@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Deleted"
"C:\Documents and Settings\Kate\Cookies\kate@adbrite[2].txt";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@adbrite[2].txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@adbrite[2].txt:\adbrite.com.557c9f74";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@adbrite[2].txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@adbrite[2].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@revsci[2].txt";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@revsci[2].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@revsci[2].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@revsci[2].txt:\revsci.net.55564293";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@revsci[2].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@statse.webtrendslive[1].txt";"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@statse.webtrendslive[1].txt:\statse.webtrendslive.com.b4ca7df0";"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@trafficmp[1].txt";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@trafficmp[1].txt:\trafficmp.com.37644bdb";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@trafficmp[1].txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@trafficmp[1].txt:\trafficmp.com.ae53b8b";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@trafficmp[1].txt:\trafficmp.com.e2e71e33";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Kate\Cookies\kate@trafficmp[1].txt:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt";"Found Tracking cookie.Webtrends";"Healed"
"C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt:\m.webtrends.com.b4ca7df0";"Found Tracking cookie.Webtrends";"Moved to Virus Vault"
"C:\Documents and Settings\Shamba\Application Data\Mozilla\Firefox\Profiles\ub7h2qb1.default\cookies.txt:\searchportal.information.com.3a8d7204";"Found Tracking cookie.Information";"Moved to Virus Vault"
"C:\Documents and Settings\Shamba\Cookies\shamba@searchportal.information[1].txt";"Found Tracking cookie.Information";"Moved to Virus Vault"
"C:\Documents and Settings\Shamba\Cookies\shamba@searchportal.information[1].txt:\searchportal.information.com.3a8d7204";"Found Tracking cookie.Information";"Moved to Virus Vault"
"C:\Documents and Settings\Shamba\Cookies\shamba@searchportal.information[1].txt:\searchportal.information.com.44e78b2";"Found Tracking cookie.Information";"Moved to Virus Vault"
"C:\Documents and Settings\Shamba\Cookies\shamba@searchportal.information[1].txt:\searchportal.information.com.7bef4b04";"Found Tracking cookie.Information";"Moved to Virus Vault"

"Rootkits"
"File";"Infection";"Result"
"c:\Documents and Settings\Shamba\My Documents\My Music\jay-z\cant knock the....\jay-z - Clean.mp3";"Hidden file";"Reboot is required to finish the action"

**********************************************
**********************************************
**********************************************

Windows Defender Full System Scan
No unwanted or harmful software detected.

**********************************************
**********************************************
**********************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:40 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Kate\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Free Internet Eraser] C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - 
Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU) O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140273995820 O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...98975&h=17151f40c1a3ee67044ff65fb12aadb8/&filename=jinstall-6u11-windows-i586-jc.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: ysufas.dll,avgrsstx.dll O20 -
Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 7379 bytes ********************************************** ********************************************** **********************************************
Mod, please remove this post. I kept trying to post a thread but kept getting an error message indicating that there was an error with the post, most likely due to a bad internet connection. So I kept trying and checking the forum to see if perhaps the post went through despite the error message. Later, I finally saw my post, plus 4 more identical ones. I spent about an hour trying to figure out how to delete a post or some other way to edit the posts, but by then I was so tired I'd need that contraption in Clockwork Orange to keep my eyes open. Sorry.