Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Spring Cleaning

Post by Myriddan » January 26th, 2007, 6:44 pm

Don't think I have any major problems, but I would like to clean any I do have.

Logfile of HijackThis v1.99.1
Scan saved at 2:43:05 PM, on 1/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\CTHELPER.EXE
F:\Programs\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1133491950\ee\AOLSoftware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Programs\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133491950\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} - http://www.funnytaf.com/fun/installer/Install.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/s ... insctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3998590875
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/fil ... ImgVwr.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/s ... cGDMgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {D8F595EF-81B1-47A5-8CC4-F7DA44B5FF64} (ImagePreview Class) - http://images.ancestry.com/asfiles/file ... ImgVwr.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/ins ... downde.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Myriddan
Regular Member
 
Posts: 24
Joined: December 5th, 2005, 12:07 am

Post by NonSuch » January 27th, 2007, 7:48 pm

Welcome. :)

I suggest you print out these instructions so you have them readily at hand.

Please close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} - http://www.funnytaf.com/fun/installer/Install.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab


Click on Fix Checked when finished and exit HijackThis.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement."
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.


You are using an older vulnerable version of Adobe Acrobat Reader. Please go here to download Adobe Acrobat Reader 8...

http://www.adobe.com/uk/products/reader/

When you have finished installing the Acrobat Reader, please go to Add/Remove Programs and verify that there are no versions listed other than Acrobat Reader 8. If you find older versions, remove them.

When finished, reboot your computer.

Your log shows that MSConfig is running at startup. This indicates that you may be using "diagnostic startup" rather than "normal startup" to stop something from running. While this is normally OK, it is possible that you have disabled something that may be related to malware. While disabled, it will not show up in the HijackThis log. So, we need to do the following in order to get a look at what has been disabled...

Go to Start > Run and type Notepad
Copy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is unchecked.
regedit /a /e %systemdrive%\regkey.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig"
notepad %systemdrive%\regkey.txt
del /q %systemdrive%\regkey.txt

Go to the menu at the top of Notepad: File > Save As
Save it to your Desktop as "mslook.bat" (you MUST include the quotes)
Locate mslook.bat on your Desktop and double-click it. When notepad opens, copy/paste the content in your reply. When you close Notepad the CMD window will close automatically and the text file will be deleted.

Scan with HijackThis and post a fresh log into this same thread along with the mslook.bat results.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Post by Myriddan » January 27th, 2007, 9:22 pm

Here is the text from "mslook.bat"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"AOL TopSpeedMonitor"=dword:00000002
"AOL ACS"=dword:00000002
"WMConnectCDS"=dword:00000003
"rpcapd"=dword:00000003
"ose"=dword:00000003
"MDM"=dword:00000002
"MCVSRte"=dword:00000002
"mcupdmgr.exe"=dword:00000003
"McShield"=dword:00000003
"Creative Service for CDROM Access"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Camio Viewer.lnk"
"backup"="C:\\WINDOWS\\pss\\Camio Viewer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DELLCO~1\\DELLIM~1\\IXApplet.exe -s"
"item"="Camio Viewer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -h"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak software updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak software updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKS~1\\7288971\\Program\\KODAKS~1.EXE "
"item"="Kodak software updater"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Office Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\Office Startup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office\\OSA.EXE -b"
"item"="Office Startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Start GetRight.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Start GetRight.lnk"
"backup"="C:\\WINDOWS\\pss\\Start GetRight.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\GetRight\\getright.exe "
"item"="Start GetRight"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1133491950\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="C:\\Program Files\\ICQLite\\ICQLite.exe -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kdx]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHost"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\kdx\\KHost.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LTWinModem1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ltmsg"
"hkey"="HKLM"
"command"="ltmsg.exe 9"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Money Express"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\STCPE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="STCPE"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\UCLA STC\\STCPE\\STCPE.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"f:\\games\\steam\\steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000002
"startup"=dword:00000002

and here is the new HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 5:22:45 PM, on 1/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
F:\Programs\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1133491950\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Programs\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133491950\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/s ... insctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3998590875
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/fil ... ImgVwr.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/s ... cGDMgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {D8F595EF-81B1-47A5-8CC4-F7DA44B5FF64} (ImagePreview Class) - http://images.ancestry.com/asfiles/file ... ImgVwr.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/ins ... downde.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Myriddan
Regular Member
 
Posts: 24
Joined: December 5th, 2005, 12:07 am
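
The reason for exporting the MSConfig key is that startup items switched off in MSConfig are moved out of the Run keys and Startup folder, so they have no O4 line in a HijackThis log. The following is an added example, not part of the original posts: a small parser for the REGEDIT4 export that lists the disabled entries with no live O4 counterpart. The function names are hypothetical, and the sample inputs are short constructed excerpts of the logs posted above.

```python
import re

ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
O4_RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\]')
O4_FOLDER_RE = re.compile(r'^O4 - (?:Global Startup|Startup): (.+?) = ')

# Constructed sample: a shortened excerpt of the mslook.bat output in the thread.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Start GetRight.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Start GetRight.lnk"
"command"="C:\\PROGRA~1\\GetRight\\getright.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kdx]
"hkey"="HKLM"
"command"="C:\\WINDOWS\\kdx\\KHost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"hkey"="HKCU"
"command"="\"f:\\games\\steam\\steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"startup"=dword:00000002
'''

# Constructed sample: a few O4 lines in the format of the HijackThis log above.
SAMPLE_HJT = r'''O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
'''


def unescape(value):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', value)


def parse_reg_export(text):
    """Parse a REGEDIT4 text export into {key_path: {value_name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_RE.match(line) if current is not None else None
        if not match:
            continue  # blank line, REGEDIT4 header, or unsupported value type
        name, raw = unescape(match.group(1)), match.group(2)
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            current[name] = unescape(raw[1:-1])
        elif raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
    return keys


def disabled_startup_items(keys):
    """List entries MSConfig has parked under startupreg and startupfolder."""
    items = []
    for path, values in keys.items():
        if not path.upper().startswith(ROOT.upper() + "\\"):
            continue
        section, _, name = path[len(ROOT) + 1:].partition("\\")
        section = section.lower()
        if not name or section not in ("startupreg", "startupfolder"):
            continue
        if section == "startupfolder":
            # Subkey name is the shortcut path with "\" written as "^".
            hive = "FOLDER"
            name = values.get("path", name.replace("^", "\\")).rsplit("\\", 1)[-1]
        else:
            hive = values.get("hkey", "").upper()
        items.append({"source": section, "hive": hive, "name": name,
                      "command": values.get("command", "").strip()})
    return sorted(items, key=lambda i: (i["source"], i["name"].lower()))


def live_o4_entries(hjt_log):
    """Collect (hive, name) pairs for autostart entries HijackThis can see."""
    live = set()
    for line in hjt_log.splitlines():
        line = line.strip()
        run, folder = O4_RUN_RE.match(line), O4_FOLDER_RE.match(line)
        if run:
            live.add((run.group(1), run.group(2).lower()))
        elif folder:
            live.add(("FOLDER", folder.group(1).lower()))
    return live


def hidden_from_hijackthis(export_text, hjt_log):
    """Disabled MSConfig entries that have no matching O4 line in the log."""
    live = live_o4_entries(hjt_log)
    return [item for item in disabled_startup_items(parse_reg_export(export_text))
            if (item["hive"], item["name"].lower()) not in live]


if __name__ == "__main__":
    for item in hidden_from_hijackthis(SAMPLE_EXPORT, SAMPLE_HJT):
        print(f'{item["source"]:13} {item["hive"]:6} {item["name"]}: {item["command"]}')
```

An entry returned here is one that MSConfig has switched off and that the HijackThis scan cannot show; it still needs the same review as any O4 line.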

Post by NonSuch » January 27th, 2007, 11:38 pm

That looks much better. :)

Although you are using anti-virus and anti-spyware programs, you do not appear to be using a third-party firewall; therefore, I would hope that you are at least using the Windows XP firewall as it is unsafe to be online without the protection of an active firewall. Please be aware that although the Windows firewall can protect your system from incoming threats, it does nothing to protect you from malware that may get on your system and then "phone home" for instructions. If you do not have a third-party firewall and would like to install one, the following are firewalls that are available in both paid versions and free-for-personal-use versions...

Sunbelt Kerio Firewall (Supported Platforms: Windows 2000, Windows XP)

Zonealarm Free (Supported Platforms: Windows 2000, Windows XP)

I notice that you have AVG Anti-Spyware installed. I would like you to do a full scan, in safe mode, and post the results. If you are using the paid version, it should be automatically updating. If you are using the free version, it does not automatically update, so you will need to do the following...

  • Open AVG Anti-Spyware and next to Last Update, click on Update now. (You will need an active internet connection to perform this)
  • If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Next, reboot into safe mode, this way:
  • Restart the computer.
  • Immediately begin tapping the <F8> key.
  • Use the arrow keys to highlight Safe Mode and press the <Enter> key.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Please post the AVG Anti-Spyware report in your next reply.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby Myriddan » January 28th, 2007, 5:46 am

This is very odd...I cannot get start mode to boot correctly...it stalls after loading the AGP drivers...

I figure it's either the Linux distribution and boot loader doing something strange to Windows or the display drivers. Thoughts/suggestions?
Myriddan
Regular Member
 
Posts: 24
Joined: December 5th, 2005, 12:07 am

Unread postby NonSuch » January 28th, 2007, 6:09 am

No problem. Just go ahead and do the scan in normal mode. :)
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby Myriddan » January 28th, 2007, 3:45 pm

I find it weird that the scan found stuff on the name Earl even though it hasn't been used in a while and I scan regularly...I did stop using selective start-up so that is the only explanation I can think of...anyways here is the report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:22:34 AM 1/28/2007

+ Scan result:



HKU\S-1-5-21-3942531886-953129233-1774555873-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1923D19B-2EE9-4466-9C3B-87F52DF177E7} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\PopupBlocker -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\ScreenSavers -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\ScreenSavers\ScreenSaversOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\ScreenSavers\ScreenSaversOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\SmileyTown -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\SmileyTown\SmileyTownOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP344\A0061517.dll -> Adware.Viewpoint : Cleaned with backup (quarantined).
HKU\S-1-5-21-3942531886-953129233-1774555873-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7507739F-BC2E-4DC3-B233-816783C25DC9} -> Downloader.Delf : Cleaned with backup (quarantined).
HKU\S-1-5-21-3942531886-953129233-1774555873-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{826B2228-BC09-49F2-B5F8-42CE26B1B712} -> Downloader.Delf : Cleaned with backup (quarantined).
HKU\S-1-5-21-3942531886-953129233-1774555873-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16875E09-927B-4494-82BD-158A1CD46BA0} -> Downloader.Delf.vt : Cleaned with backup (quarantined).
C:\Documents and Settings\Earl\Local Settings\Temporary Internet Files\Content.IE5\JO3MQH2B\mtrslib2[1].js -> Dropper.PurScan.b : Cleaned with backup (quarantined).
F:\Games\Isos\Battle for Middle Earth\LotRBfME102NOCD.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.355:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.512:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.597:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.612:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.626:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Eric\Cookies\eric@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.237:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.238:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Eric\Cookies\eric@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.261:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.264:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.266:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.267:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.268:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.102:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.103:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.104:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.105:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.106:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.92:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.445:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.346:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.347:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.348:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.349:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.233:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.71:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.76:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.101:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.146:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.147:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.150:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.368:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.369:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.370:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.371:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.372:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.373:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.379:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.517:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.529:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.750:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.751:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.151:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.152:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.259:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.260:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.262:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.655:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.178:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.179:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.180:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.181:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.656:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.657:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.305:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.306:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.307:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.308:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.309:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.310:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.272:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.273:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.202:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.203:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.204:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.205:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.206:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.207:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.208:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.209:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.210:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.547:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.671:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.672:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.673:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.674:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.675:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.228:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.229:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.230:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.231:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.300:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.301:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.302:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.157:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.158:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.159:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.160:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.320:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.321:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.274:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.275:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.276:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.277:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.278:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.279:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.280:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.281:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.100:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.315:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.316:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.317:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.318:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.319:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.322:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.224:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.120:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.121:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.122:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.123:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.124:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.125:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.126:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.127:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.128:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.129:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.130:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.131:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.246:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.247:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.248:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\xuq1hnwl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end
Myriddan
Regular Member
 
Posts: 24
Joined: December 5th, 2005, 12:07 am

Post by NonSuch » January 28th, 2007, 9:48 pm

Well, that scan certainly cleaned out a lot, didn't it? :) You can empty the quarantine now if you have not done so yet.

Your spring cleaning is done now, except for a bit of tidying up...

Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced." Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.


Please read this article by Tony Klein for information on the causes and prevention of malware...

http://www.malwareremoval.com/forum/viewtopic.php?t=4959

That should do it. ;)
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Post by Myriddan » January 28th, 2007, 11:39 pm

And that's done, thanks for the help. Mind doing my laptop now? :)
Myriddan
Regular Member
 
Posts: 24
Joined: December 5th, 2005, 12:07 am

Post by NonSuch » January 29th, 2007, 12:28 am

You're very welcome. :)

Please start a fresh topic for your laptop, and someone will be happy to check it out for you.

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California