Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Worm problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Worm problem

Unread postby cee316 » November 12th, 2007, 11:16 pm

Hi there. I ran a Kaspersky online scan after noticing that I couldn't use system restore or the search function. I could open them, but they'd just show up as blank windows. The scan found a worm, but I couldn't get the Kaspersky program to run on my PC without crashing, so I need some help finding another way to get rid of it. I already tried using a bunch of malware removers and such, but no luck.

thanks! :)



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:16:20 PM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cee\Desktop\HiJackThis_v2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Cee\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7C6E92FA-4429-4FB6-909B-798E2EFFAEF0} (NCWeb.Launcher) - http://lineage2.plaync.co.kr/common/ocx/ncweb.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/ ... _vista.cab
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - https://nprotect.ncsoft.co.kr/nProtect/ ... ft/npz.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52D4AF70-279D-4F44-969C-1052501CFADC}: NameServer = 204.47.244.61,67.69.184.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC83F744-3B29-4B32-82F0-4B5D31EEF68B}: NameServer = 204.47.244.61,67.69.184.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{52D4AF70-279D-4F44-969C-1052501CFADC}: NameServer = 204.47.244.61,67.69.184.11
O17 - HKLM\System\CS3\Services\Tcpip\..\{52D4AF70-279D-4F44-969C-1052501CFADC}: NameServer = 204.47.244.61,67.69.184.11
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7963 bytes
cee316
Active Member
 
Posts: 7
Joined: November 12th, 2007, 10:58 pm
Advertisement
Register to Remove

Re: Worm problem

Unread postby Bob4 » November 15th, 2007, 5:44 pm

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So lets do this to the end!

  • All hijackthis logs I ask for should be done in normal mode ( not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.



Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!



____________________________

Messenger Plus! (MessengerPlus2, MessengerPlus3) (MP) is an add?on for Microsoft's free messaging programs Windows Messenger and MSN Messenger. It is a 'free' download (with a few stingers in its tail). MP includes an optional Sponsor Program provided by C2Media. The Sponsor Program is commonly known in the anti?spyware and adware world as 'Lop' or 'Lop.com'. There has been a problem since Messenger Plus! first started including the Sponsor Program in approximately May 2003, with users installing the Sponsor Program without understanding what the Sponsor Program is, what it does to a user's system, or the privacy implications involved.

Messenger Plus!, if installed to include the 'sponsor program', will install adware on your computer that generates pop up windows.
The Sponsor Program will also change your home page, your search engine settings, place numerous links in IE favorites (including online casino and gambling links) and place more links on your desktop. The search toolbar that is installed cannot be turned off. The pop up advertising windows will appear even if you are running IE's pop?up blocker. This is because the Sponsor Program adds its advertisement URLs to the pop?up blocker exclusion list. If you want to reinstall MessengerPlus3, make sure you click "I refuse, do not install the sponsor program". This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. These are the items to fix in HijackThis:


O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

Personally I wouldn't have it on my machine.

______________________________


You are running 2 anti virus programs. This is a bad idea. They will fight for resourcses ,confilct with each other and provide you less protection.
I highly recommend removing one of them through add/remove programs. Which one is up to you as they are both good programs.
If one is just a trial offer I would remove that one and keep the one I have a current subscrtion to. ( updates itself)

________________________________



______________________________

Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner
    ( Do not use the Registry function to clean anything with this program. Having anything auto clean your regisrty is risky).


AVG Anti-Spyware:
________________________________________
Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).



    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    • Open up AVG anti Malware
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
  • Make sure that Set all elements to: shows Quarantine
  • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
  • When the program has finished, it will display the message All actions have been applied.
  • Then click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Reboot in normal mode.

_________________________________

You said you ran Kasperskys online. Did it finish the scan and did you save a log from it?
If you saved the log I would like to see it. Post it in its entirety in your next reply.


_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from AVG anti spyware
  • The report from Kasperskys if you have it.
  • Is this a work computer? I see something involving the EPA.. Can you confirm this for me.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Worm problem

Unread postby cee316 » November 15th, 2007, 7:23 pm

Hi there, thanks for helping me out!
I got rid of one antivirus, and I got rid of Messenger Plus with HijackThis.

I didn't get to finish the first Kaspersky scan, so I don't have a log. Should I run another? Also, this isn't a work computer, just a personal one.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:17:10 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\Analyze.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Cee\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7C6E92FA-4429-4FB6-909B-798E2EFFAEF0} (NCWeb.Launcher) - http://lineage2.plaync.co.kr/common/ocx/ncweb.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/ ... _vista.cab
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - https://nprotect.ncsoft.co.kr/nProtect/ ... ft/npz.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52D4AF70-279D-4F44-969C-1052501CFADC}: NameServer = 204.47.244.61,67.69.184.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC83F744-3B29-4B32-82F0-4B5D31EEF68B}: NameServer = 204.47.244.61,67.69.184.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{52D4AF70-279D-4F44-969C-1052501CFADC}: NameServer = 204.47.244.61,67.69.184.11
O17 - HKLM\System\CS3\Services\Tcpip\..\{52D4AF70-279D-4F44-969C-1052501CFADC}: NameServer = 204.47.244.61,67.69.184.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe




AVG log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:13:45 PM 11/15/2007

+ Scan result:



:mozilla.10:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.151:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.152:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.239:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.11:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.163:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.173:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.177:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.178:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.181:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.203:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.240:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.245:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.265:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.267:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.268:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.272:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.317:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.319:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.335:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.562:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.565:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.691:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.701:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.740:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.744:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.131:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.132:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.135:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.136:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.137:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.138:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.139:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.181:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.182:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.183:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.184:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.185:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.186:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.187:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.188:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.189:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.190:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.191:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.73:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.74:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.75:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.444:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.445:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.446:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.447:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.448:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.449:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.450:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.206:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.207:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.97:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.98:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.141:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.142:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.143:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.144:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.145:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.103:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.46:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.454:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.112:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.113:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.114:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.881:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.286:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.287:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.72:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.75:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.76:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.131:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.132:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.133:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.134:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.54:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.55:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.56:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.57:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.58:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.59:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.60:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.61:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.62:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.63:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.64:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.65:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.66:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.416:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.422:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.423:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.424:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.288:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.289:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.290:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.291:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.299:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.300:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.113:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.43:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.67:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.83:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.408:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.198:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.199:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.717:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.718:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.719:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.82:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.83:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.166:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.167:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.168:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.169:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.257:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.258:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.259:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.260:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.259:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.260:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.261:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.262:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.263:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.264:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.400:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.401:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.791:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.792:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.793:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.794:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.795:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.796:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.797:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.798:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.799:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.800:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.142:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.147:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.148:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.154:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.20:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.21:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.27:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.289:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.28:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.290:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.291:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.294:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.298:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.461:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.581:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.582:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.679:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.824:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.825:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.877:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.351:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.422:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.445:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.446:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.484:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.485:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.462:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.838:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.482:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.483:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.363:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.364:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.365:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.615:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.696:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.202:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.203:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.204:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.205:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.397:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.398:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.399:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.400:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.401:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.402:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.403:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.404:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.92:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.93:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.94:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.95:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.639:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.640:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.641:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.735:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.736:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.655:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.656:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.657:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.34:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.35:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.36:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.37:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.38:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.39:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.40:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.41:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.42:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.495:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.659:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.660:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.661:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.662:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.663:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.664:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.665:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.666:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.667:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.668:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.669:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.803:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.394:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.395:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.230:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.285:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.470:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.471:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.472:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.473:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.474:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.475:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.678:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.679:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.680:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.681:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.682:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.249:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.250:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.349:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.350:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.687:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.688:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.925:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.926:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.927:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.212:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.213:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.214:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.215:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.216:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.217:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.218:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.219:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.220:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.221:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.222:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.223:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.224:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.225:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.245:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.246:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.247:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.248:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.577:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.712:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.713:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.714:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.715:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.704:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.705:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.706:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.182:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.183:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.184:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.185:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.186:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.187:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.188:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.189:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.190:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.726:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.727:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.728:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.729:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.730:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.731:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.115:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.47:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.734:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.750:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.751:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.752:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.625:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.414:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.417:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.766:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.103:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.104:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.105:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.106:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.107:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.108:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.109:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.782:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.783:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.784:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.785:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\l0pwwyp6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.22:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.24:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.25:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.26:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.451:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.452:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.453:C:\Documents and Settings\Cee\Application Data\Mozilla\Firefox\Profiles\ufltcv87.Cee\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


Thanks again!
cee316
Active Member
 
Posts: 7
Joined: November 12th, 2007, 10:58 pm

Re: Worm problem

Unread postby Bob4 » November 17th, 2007, 8:06 am

Sorry for the delay in responding. My human error! :oops:

______________________________
HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\



_________________________________
Please do an online scan with Kaspersky Online Scanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:

Extended (If available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now under select a target to scan select My Computer


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.



The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.


_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from Kasperskys

User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Worm problem

Unread postby cee316 » November 17th, 2007, 11:15 pm

I removed what you said and got a new log, but the Kaspersky online scan doesn't work at all :? When I click scan now, nothing happens. What should I do? It might work if I downloaded the trial and then ran it in safe mode.

Anyway, I'll wait for your reply before I do anything :) thanks again for the help!

HIjackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:26:11 PM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\HJT\Analyze.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Cee\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7C6E92FA-4429-4FB6-909B-798E2EFFAEF0} (NCWeb.Launcher) - http://lineage2.plaync.co.kr/common/ocx/ncweb.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/ ... _vista.cab
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - https://nprotect.ncsoft.co.kr/nProtect/ ... ft/npz.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52D4AF70-279D-4F44-969C-1052501CFADC}: NameServer = 204.47.244.61,67.69.184.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC83F744-3B29-4B32-82F0-4B5D31EEF68B}: NameServer = 204.47.244.61,67.69.184.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{52D4AF70-279D-4F44-969C-1052501CFADC}: NameServer = 204.47.244.61,67.69.184.11
O17 - HKLM\System\CS3\Services\Tcpip\..\{52D4AF70-279D-4F44-969C-1052501CFADC}: NameServer = 204.47.244.61,67.69.184.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
cee316
Active Member
 
Posts: 7
Joined: November 12th, 2007, 10:58 pm

Re: Worm problem

Unread postby Bob4 » November 18th, 2007, 8:33 am

Are you running it with internet explorer ? Firefox won't work.

We will check a few things.
NOTE: I do like Kasperskys scan better. Please try it first.

Let's check your IE settings and see if we can get an online scan going.
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click on the Security tab
  3. Click the Internet icon so it becomes highlighted.
  4. Click on Default Level and click Ok
  5. Click on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Check that Script ActiveX controls marked safe for scripting is set to Enabled or Prompt
    • Check that Run ActiveX controls and plugins is Enabled
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • Check that Active Scripting is set to Enabled
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  6. Next press the Apply button and then the OK to exit the Internet Properties page.
Open a new IE window and try to run the online scan.



________________________________

If that doesn't work let's try Panda's.




Panda
Run Panda's ActiveScan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your Valid Email
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
- Post Panda scan results in your next reply

Post the log from which ever one you can do.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Worm problem

Unread postby cee316 » November 18th, 2007, 8:18 pm

I did the changes in Internet Explorer's options, but neither Kaspersky or Panda work at all. When I click the scan now icon, it doesn't give any indication that it's starting anything at all.
cee316
Active Member
 
Posts: 7
Joined: November 12th, 2007, 10:58 pm

Re: Worm problem

Unread postby Bob4 » November 18th, 2007, 9:11 pm

1. Download Combo fix from one of these locations. ( Please save it to your desktop )
http://www.techsupportforum.com/sectool ... mboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

combofix.exe

2.Close all open windows
3. Double click combofix.exe & follow the prompts.
4. When finished, it shall produce a log for you. Post that log in your next reply . (c:\comboFix.txt)

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Worm problem

Unread postby cee316 » November 18th, 2007, 10:08 pm

Here is the ComboFix report!


ComboFix 07-11-08.1 - Cee 2004-11-18 21:05:18.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.616 [GMT -5:00]
Running from: C:\Documents and Settings\Cee\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-18 20:56 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-15 17:26 <DIR> d-------- C:\Documents and Settings\Cee\Application Data\Grisoft
2007-11-15 17:26 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-14 20:16 <DIR> d-------- C:\Program Files\Ventrilo
2007-11-12 21:25 <DIR> d-------- C:\Program Files\a-squared Free
2007-11-12 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-12 21:17 <DIR> d-------- C:\Temp
2007-11-12 19:00 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-11-12 19:00 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-11-12 19:00 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-10 20:59 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-10 20:59 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-10 19:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-10 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-07 10:18 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-11-07 10:16 <DIR> d-------- C:\Program Files\World of Warcraft
2007-11-05 17:16 <DIR> d-------- C:\Program Files\QuickTime
2007-11-04 19:19 <DIR> d-------- C:\Nexon
2007-11-04 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2007-11-02 19:51 <DIR> d-------- C:\Program Files\SecondLife
2007-11-02 19:51 <DIR> d-------- C:\Documents and Settings\Cee\Application Data\SecondLife
2007-11-02 09:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2007-10-27 13:00 <DIR> d-------- C:\Program Files\LegacyGamers
2007-10-25 21:09 <DIR> d-------- C:\FALCOM
2007-10-25 21:09 <DIR> d-------- C:\Documents and Settings\Cee\Application Data\FALCOM
2007-10-23 17:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-23 17:00 <DIR> d-------- C:\Documents and Settings\Cee\Application Data\SUPERAntiSpyware.com
2007-10-23 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-22 20:02 <DIR> d-------- C:\WINDOWS\speech
2007-10-11 20:05 <DIR> d-------- C:\Program Files\UT2004
2007-10-10 21:21 <DIR> d-------- C:\WINDOWS\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 22:00 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-02 21:09 --------- d--h--w C:\Documents and Settings\Cee\Application Data\ijjigame
2007-10-02 21:07 --------- d-----w C:\Program Files\ijji Gunz
2007-09-10 16:55 692,224 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2007-08-22 14:12 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 14:12 658,944 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 14:12 615,424 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 14:12 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 14:12 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 14:12 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 14:12 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 14:12 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 14:12 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 14:12 3,058,176 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 14:12 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 14:12 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 14:12 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 14:12 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 14:12 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 14:12 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 14:12 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 14:12 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 11:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 07:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 07:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-10 02:10 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2007-08-10 02:10 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2007-08-10 02:10 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2007-08-09 01:02 235,008 ----a-w C:\WINDOWS\UNBOC.EXE
2007-02-01 21:35 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-01-02 20:40 54 ----a-w C:\Program Files\Common Files\appop.log
1999-07-07 01:00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-04-30 18:07]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 05:22]
"nwiz"="nwiz.exe" [2006-06-01 05:22 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"DIRECTCD"="C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe" [2005-10-25 00:49]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 02:47]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 01:22 C:\WINDOWS\system32\nvmctray.dll]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 01:28]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-12 19:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-15 17:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\Cee\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2007-06-25 21:56:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-16 21:28:49]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-02 15:34:22]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-29 09:39:49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys
R2 LogWatch;Event Log Watch;C:\WINDOWS\LogWatNT.exe
R2 npkcmsvc;npkcmsvc;C:\WINDOWS\system32\npkcmsvc.exe
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b27104a4-9296-11db-9590-001731d8ffa6}]
\Shell\AutoRun\command - E:\autoplay.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-12 22:12:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 21:07:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 21:07:24
.
--- E O F ---
cee316
Active Member
 
Posts: 7
Joined: November 12th, 2007, 10:58 pm

Re: Worm problem

Unread postby Bob4 » November 19th, 2007, 10:14 pm


  • Create a folder on your desktop called Sysclean.
  • Go to http://www.trendmicro.com/download/dcs.asp and download sysclean package to the folder you made.
  • Go to http://www.trendmicro.com/download/pattern.asp and download the Virus Pattern File (Official Pattern Release) to your desktop.
    This file will be called lptXXX.zip (XXX represents the version number)
  • Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX. Read here how to unzip/extract properly.
  • Move the lpt$vpn.XXX to the Sysclean-folder you created on your desktop.
  • Open the sysclean-folder and doubleclick sysclean.com.
  • Check: "Automatically clean or delete detected files".
  • Click scan.



Open your sysclean-folder and copy and paste the contents of sysclean.log in your next reply.


_______________________________________
Download Deckards system scanner to your Desktop.
Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.

2. Double-click on dss.exe to run it, and follow the prompts.

3. When the scan is complete, it will create two text files - main.txt <- this one will be maximized and extra.txt<-this one will be minimized on your Taskbar.

4. Copy/paste both logs back here please (they will also be located at (C:\\Deckard\\System Scanner)

Next reply:
  • The report from Micro trend
  • The report from deckards system scanner
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Worm problem

Unread postby cee316 » November 20th, 2007, 5:04 pm

Here are the two log files!

Sysclean Log:



/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2007-11-20, 07:38:52, Auto-clean mode specified.
2007-11-20, 07:38:52, Running scanner "C:\Documents and Settings\Cee\Desktop\Sysclean\TSC.BIN"...
2007-11-20, 07:39:05, Scanner "C:\Documents and Settings\Cee\Desktop\Sysclean\TSC.BIN" has finished running.
2007-11-20, 07:39:05, TSC Log:

2007-11-20, 07:39:38, An error was detected on "C:\Documents and Settings\Cee\Desktop\Stuff\My Music\Utada Hikaru ??????\*.*": The filename, directory name, or volume label syntax is incorrect.
2007-11-20, 07:39:38, An error was detected on "C:\Documents and Settings\Cee\Desktop\Stuff\My Music\Mika Nakashima ????\*.*": The filename, directory name, or volume label syntax is incorrect.
2007-11-20, 07:39:39, An error was detected on "C:\Documents and Settings\Cee\Desktop\Stuff\My Music\Ayumi Hamasaki ?????\*.*": The filename, directory name, or volume label syntax is incorrect.
2007-11-20, 07:39:39, An error was detected on "C:\Documents and Settings\Cee\Desktop\Stuff\My Music\Koda Kumi ????\*.*": The filename, directory name, or volume label syntax is incorrect.
2007-11-20, 07:39:39, An error was detected on "C:\Documents and Settings\Cee\Desktop\Stuff\My Music\Nobuo Uematsu ????\*.*": The filename, directory name, or volume label syntax is incorrect.
2007-11-20, 07:39:39, An error was detected on "C:\Documents and Settings\Cee\Desktop\Stuff\My Music\Hyori ???\*.*": The filename, directory name, or volume label syntax is incorrect.
2007-11-20, 07:39:39, An error was detected on "C:\Documents and Settings\Cee\Desktop\Stuff\My Music\Maaya Sakamoto ????\*.*": The filename, directory name, or volume label syntax is incorrect.
2007-11-20, 07:39:40, An error was detected on "C:\Documents and Settings\Cee\Desktop\Stuff\My Music\?????????\*.*": The filename, directory name, or volume label syntax is incorrect.
2007-11-20, 08:09:15, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 11/20/2007 07:40:13
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 839 (261156 Patterns) (2007/11/19) (483900)
Command Line: C:\Documents and Settings\Cee\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Cee\Desktop\Sysclean

117673 files have been read.
117673 files have been checked.
96912 files have been scanned.
163852 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/20/2007 08:09:14
---------*---------*---------*---------*---------*---------*---------*---------*
2007-11-20, 08:09:15, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 11/20/2007 07:40:13
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 839 (261156 Patterns) (2007/11/19) (483900)
Command Line: C:\Documents and Settings\Cee\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Cee\Desktop\Sysclean

117673 files have been read.
117673 files have been checked.
96912 files have been scanned.
163852 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/20/2007 08:09:14 29 minutes (1740.61 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-11-20, 08:09:15, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 11/20/2007 07:40:13
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 839 (261156 Patterns) (2007/11/19) (483900)
Command Line: C:\Documents and Settings\Cee\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Cee\Desktop\Sysclean

117673 files have been read.
117673 files have been checked.
96912 files have been scanned.
163852 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/20/2007 08:09:14 29 minutes (1740.61 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-11-20, 08:09:15, Scanner "C:\Documents and Settings\Cee\Desktop\Sysclean\VSCANTM.BIN" has finished running.




Deckard's System Scanner Log #1:

Deckard's System Scanner v20071014.68
Run by Cee on 2007-11-20 15:59:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
14: 2007-11-20 20:59:19 UTC - RP209 - Deckard's System Scanner Restore Point
13: 2007-11-20 00:57:45 UTC - RP208 - System Checkpoint
12: 2004-11-19 02:05:01 UTC - RP207 - ComboFix created restore point
11: 2007-11-19 00:05:26 UTC - RP206 - Software Distribution Service 3.0
10: 2007-11-17 22:37:39 UTC - RP205 - Installed Java(TM) 6 Update 3


-- First Restore Point --
1: 2007-11-10 23:24:03 UTC - RP196 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Cee.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:59:59 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Documents and Settings\Cee\Desktop\dss.exe
C:\PROGRA~1\HJT\Cee.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DIRECTCD] "C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Cee\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7C6E92FA-4429-4FB6-909B-798E2EFFAEF0} (NCWeb.Launcher) - http://lineage2.plaync.co.kr/common/ocx/ncweb.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/ ... _vista.cab
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - https://nprotect.ncsoft.co.kr/nProtect/ ... ft/npz.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52D4AF70-279D-4F44-969C-1052501CFADC}: NameServer = 204.47.244.61,67.69.184.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC83F744-3B29-4B32-82F0-4B5D31EEF68B}: NameServer = 204.47.244.61,67.69.184.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{52D4AF70-279D-4F44-969C-1052501CFADC}: NameServer = 204.47.244.61,67.69.184.11
O17 - HKLM\System\CS3\Services\Tcpip\..\{52D4AF70-279D-4F44-969C-1052501CFADC}: NameServer = 204.47.244.61,67.69.184.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HJT\backups\) -------------------------

backup-20071115-172420-909 O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
backup-20071117-172545-359 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071117-172545-902 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - unable to read key
.js - unable to read key
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ivicd (Ivi CDVD Filter Driver) - c:\windows\system32\drivers\ivicd.sys <Not Verified; InterVideo; InterVideo C/DVD Filter Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
R3 AEAudio (AE Audio Service) - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 BOCDRIVE (BOClean Kernel Monitor.) - c:\program files\comodo\cboclean\bocdrive.sys (file missing)
S3 catchme - c:\docume~1\cee\locals~1\temp\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 iviudf - c:\windows\system32\drivers\iviudf.sys <Not Verified; InterVideo; UDF File System Driver>
S3 npkcrypt - c:\program files\gravity\ro\npkcrypt.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 LogWatch (Event Log Watch) - c:\windows\logwatnt.exe
R2 npkcmsvc - c:\windows\system32\npkcmsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Manager Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\FFFFFFFFFFFFFFFF
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\FFFFFFFFFFFFFFFF
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2007-11-19 17:12:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-18 19:05:35 0 d-------- C:\WINDOWS\network diagnostic
2007-11-15 17:29:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-15 17:26:35 0 d-------- C:\Documents and Settings\Cee\Application Data\Grisoft
2007-11-15 17:11:57 0 dr-h----- C:\Documents and Settings\Cee\Recent
2007-11-14 20:16:47 0 d-------- C:\Program Files\Ventrilo
2007-11-12 21:25:33 0 d-------- C:\Program Files\a-squared Free
2007-11-12 21:18:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-12 21:17:51 0 d-------- C:\Temp
2007-11-12 19:00:34 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-11-10 22:40:14 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-10 20:59:47 82258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-10 20:59:47 82258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-10 19:18:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-10 19:18:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-07 10:18:50 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-11-07 10:16:40 0 d-------- C:\Program Files\World of Warcraft
2007-11-05 17:16:04 0 d-------- C:\Program Files\QuickTime
2007-11-04 19:19:04 0 d-------- C:\Nexon
2007-11-04 19:18:52 0 d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2007-11-02 19:51:43 0 d-------- C:\Documents and Settings\Cee\Application Data\SecondLife
2007-11-02 19:51:30 0 d-------- C:\Program Files\SecondLife
2007-11-02 09:13:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2007-10-27 13:00:50 0 d-------- C:\Program Files\LegacyGamers
2007-10-25 21:09:23 0 d-------- C:\Documents and Settings\Cee\Application Data\FALCOM
2007-10-25 21:09:21 0 d-------- C:\FALCOM
2007-10-23 17:00:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-23 17:00:15 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-10-23 17:00:15 0 d-------- C:\Documents and Settings\Cee\Application Data\SUPERAntiSpyware.com
2007-10-22 20:02:01 0 d-------- C:\WINDOWS\speech


-- Find3M Report ---------------------------------------------------------------

2007-10-31 18:21:52 1786 --a------ C:\WINDOWS\mozver.dat
2007-10-11 20:05:30 0 d-------- C:\Program Files\UT2004
2007-10-02 16:09:22 0 d--h----- C:\Documents and Settings\Cee\Application Data\ijjigame
2007-10-02 16:07:40 0 d-------- C:\Program Files\ijji Gunz
2007-09-10 11:55:54 692224 --a------ C:\WINDOWS\system32\ijjiSetup.exe <Not Verified; NHN USA; ijjiSetup Application>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [04/30/2006 06:07 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [04/10/2006 09:19 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/01/2006 05:22 AM]
"nwiz"="nwiz.exe" [06/01/2006 05:22 AM C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"DIRECTCD"="C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe" [10/25/2005 12:49 AM]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [01/21/2005 02:47 AM]
"NvMediaCenter"="NvMCTray.dll" [06/01/2006 01:22 AM C:\WINDOWS\system32\nvmctray.dll]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [10/10/2007 01:28 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 08:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [11/12/2007 07:00 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/15/2007 05:28 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:56 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

C:\Documents and Settings\Cee\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [6/25/2007 9:56:40 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/16/2006 9:28:49 PM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [1/2/2007 3:34:22 PM]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [6/29/2007 9:39:49 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 11:34 PM 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b27104a4-9296-11db-9590-001731d8ffa6}]
AutoRun\command- E:\autoplay.exe




-- End of Deckard's System Scanner: finished at 2007-11-20 16:00:19 ------------



Deckard's System Scanner Log #2:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1022.48 MiB / 608.44 MiB
Pagefile Memory (total/avail): 2461.14 MiB / 2090.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.86 MiB

C: is Fixed (FAT32) - 74.51 GiB total, 13.97 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD800JB-00FMA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Kaspersky Anti-Virus v7.0.0.125 (Kaspersky Lab) Outdated
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Cee\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=U-4432620F579B4
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Cee
LOGONSERVER=\\U-4432620F579B4
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ALZip\;C:\Program Files\QuickTime\QTSystem;C:\Program Files\ALZip\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Cee\LOCALS~1\Temp
TMP=C:\DOCUME~1\Cee\LOCALS~1\Temp
USERDOMAIN=U-4432620F579B4
USERNAME=Cee
USERPROFILE=C:\Documents and Settings\Cee
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Cee (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
--> "C:\Program Files\InstallShield Installation Information\{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}\setup.exe" --u:{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}
--> "C:\Program Files\InstallShield Installation Information\{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}\setup.exe" --u:{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
ALZip --> "C:\Program Files\ALZip\unins000.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Camera Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CEP - Color Enable Package --> "C:\PROGRA~1\EAGAME~1\zCEP_Uninstaller\unins000.exe"
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
Gaim (remove only) --> C:\Program Files\Gaim\gaim-uninst.exe
GTK+ Runtime 2.6.9 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\Program Files\HJT\HijackThis.exe /uninstall
ijji - Gunz --> C:\Program Files\ijji Gunz\Gunz\Uninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
InterVideo Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AEEE6D6-C95D-465A-B8D3-B7AE2FA7B8B4}\setup.exe" REMOVEALL
iPod for Windows 2005-06-26 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{654F0312-CB3D-4FE2-962C-6BB9752E9146} /l1033
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KartRider --> "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33562881 -locale:US
Last.fm 1.3.2.13 --> "C:\Program Files\Last.fm\unins000.exe"
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.9) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
nProtect KeyCrypt --> C:\WINDOWS\system32\npkuninst.exe
nProtect Netizen(remove only) --> C:\WINDOWS\system32\npnuninst.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tablet --> C:\Program Files\Tablet\Remove.exe /u
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 University --> C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
Unreal Tournament 2004 --> C:\Program Files\UT2004\System\Setup.exe uninstall "UT2004"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{85DD724B-15E5-4572-81BF-CF9031D83848}
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WindowBlinds --> C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
YsF --> C:\FALCOM\FSETUP2.EXE /s YSF_WIN\FALCOM.INF /u


-- Application Event Log -------------------------------------------------------

Event Record #/Type5675 / Error
Event Submitted/Written: 11/20/2007 04:00:03 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type5622 / Error
Event Submitted/Written: 11/14/2007 08:45:35 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ventrilo.exe, version 3.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x4b435553.
Processing media-specific event for [ventrilo.exe!ws!]

Event Record #/Type5613 / Error
Event Submitted/Written: 11/13/2007 08:12:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type5562 / Warning
Event Submitted/Written: 11/10/2007 10:42:43 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type5561 / Warning
Event Submitted/Written: 11/10/2007 10:41:28 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type30279 / Error
Event Submitted/Written: 11/20/2007 03:55:54 PM / 11/20/2007 03:56:24 PM
Event ID/Source: 5002 / NIC1394
Event Description:
1394 Net Adapter : Has determined that the adapter is not functioning properly.

Event Record #/Type30278 / Warning
Event Submitted/Written: 11/20/2007 03:56:12 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001731D8FFA6. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type30253 / Error
Event Submitted/Written: 11/20/2007 07:29:13 AM / 11/20/2007 07:29:43 AM
Event ID/Source: 5002 / NIC1394
Event Description:
1394 Net Adapter : Has determined that the adapter is not functioning properly.

Event Record #/Type30252 / Warning
Event Submitted/Written: 11/20/2007 07:29:31 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001731D8FFA6. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type30248 / Warning
Event Submitted/Written: 11/19/2007 10:13:33 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2007-11-20 16:00:19 ------------
cee316
Active Member
 
Posts: 7
Joined: November 12th, 2007, 10:58 pm

Re: Worm problem

Unread postby Bob4 » November 20th, 2007, 7:33 pm

Click start > Run > in the empty edit box copy&paste this line :

"%userprofile%\desktop\dss.exe" /daft

Read the disclaimer and click OK.
  • Click on the Scan button.
  • Place a checkmark next to the following entries in case they appear:

    .bat
    .cmd
    .inf
    .ini
    .reg
    .txt
    .vbs
  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt
  • I'll need that log later.
If everything is ok again, it should display the "all associations ok message"

Post back with the contents of daft.txt.




__________________________________________
Let's try and fix System restore.
PLease tell me what happens when you try and run system restore.

Let's try a simple thing to get started:

Go to Start " Run " type: Services.msc " OK.
Scroll down and find this service: system restore service
Double-click on it.
Under the start up type click Automatic.

Under the General tab, click the start button.
If you had to change any of these try system restore again.

Please let me know. Also let me know what other issues you may be having.

_______________________________________
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Worm problem

Unread postby cee316 » November 20th, 2007, 9:14 pm

Here is the new logfile. However, I didn't get a message that said 'all associations ok'

DAFT Log saved on 2007-11-20 20:06:18
-----------------------------------------------------------------------
.js - - DefaultIcon - unable to read key
.js - - shell\open\command - unable to read key


System restore still doesn't work properly -- when I load it up, nothing appears but a blank window. I also can't access the User Accounts function, or the Search function. Everything else seems to be working, though. Also, the PC seems to shut down very slowly.
cee316
Active Member
 
Posts: 7
Joined: November 12th, 2007, 10:58 pm

Re: Worm problem

Unread postby Bob4 » November 20th, 2007, 10:22 pm

I have 3 things for you to try . Try each of them and hopefully it will help.

Attempt 1

Right click My Computer
Then Propeties then system restore
Place a check mark by turn off system restore
Click APPLY
Windows will give you a warning click yes
REBOOT THE MACHINE NOW.
Then

go right back to the same place and unchecksystem restore
Click APPLYand OK


_______________________

Click start/run and copy these lines in 1 at a time hiting enter after each.
You should receive am message stating that registration was successful.

regsvr32 jscript

regsvr32 vb script

regsvr32 /i mshtml

________________________________

Open internet explorer and copy this address into the address bar.
res://C:\WINDOWS\system32\Restore\rstrui.exe/start.htm

accept the active X dialog when it appears.

Create a new restore point if possible now.

Leaving that window (IE explorer) open now try system restore again the normal way you do.

________________________


Close all and try system restore again.

_________________________________-

attempt 2:

click start/run and copy this in
C:\windows\inf

Now in the window that opens locate the sr.inf file.
Right click on it and choose install.
try system restore again.




__________________________________-
attempt 3:

download this file to your desktop:

http://windowsxp.mvps.org/reg/olereg.vbs

just clcik on it and it should tell you ole registration complete.
Try stsytem restore once again.

_________________________________

Let me know which of these if any helped.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Worm problem

Unread postby Bob4 » November 24th, 2007, 7:58 am

It's been a few days .
Have you been able to try these things ?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 303 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware