Please help. A couple of days ago, I used VundoFix to remove a vundo trojan, but I continue to have problems (though not vundo). No more virus detections, but I get a lot of popups and occasional mystery program shortcuts installed to my desktop. I run NA VirusScan, Ad-Aware, and Spybot S&D every time I boot, and new detections keep popping up. I've also updated my SpywareBlaster definitions. Can someone figure out what might be wrong? I can post a HJT logfile if needed. TIA for the help.

Please post your Hijack This log.

Logfile of HijackThis v1.99.1 Scan saved at 5:15:09 PM, on 4/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Stardock\SDMCP.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.exe C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe C:\WINDOWS\system32\taskswitch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\retadpu2000219.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\UCVPN\cvpnd.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.exe C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin... R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin... R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local., O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\jaoexksd.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {E0FF74BE-C82D-4DF5-A9ED-2ABAD11F4768} - C:\WINDOWS\system32\geedb.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.exe O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\System32\FirstReboot.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\JOHNMO~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = uc.edu, O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UCVPN\cvpnd.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

You have no problem but if you have any connectivity problems after removing the 010 item with Hijack This run this program and the winsocks should be restored. WinsockFix Please download ATF-Cleaner to your desktop from this link http://www.atribune.org/content/view/19/2/ We will need it later in safe mode Download and install AVG Anti-Spyware We will need this later in safe mode Be sure to update AVG Anti- Spyware Download Killbox to your desktop from this link Killbox by Option^Explicit. If you already have "Killbox" update to this newer version. We will need it later in safe mode Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok. Next, please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked": O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\jaoexksd.dll (file missing) O2 - BHO: (no name) - {E0FF74BE-C82D-4DF5-A9ED-2ABAD11F4768} - C:\WINDOWS\system32\geedb.dll (file missing) O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\JOHNMO~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab Exit Hijack this but remain in safe mode. Run Killbox from safe mode. Please double-click Killbox.exe to run it. Select: Delete on Reboot then Click on the All Files button. Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\WINDOWS\retadpu2000219.exe Return to Killbox, go to the File menu, and choose Paste from Clipboard. Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let us know if you receive this message!). If your computer does not restart automatically, please restart it manually. If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click Here to download and run missingfilesetup.exe. Then try Killbox again. Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared. AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side. Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop). Please post the AVG AntiSpyware report. Please download ComboFix to the desktop from this link: http://download.bleepingcomputer.com/sUBs/ComboFix.exe Double-click combofix.exe Follow the prompts. (Don't click on the window while the program is running, it may cause your system to hang.) Please post the log it produces. Run Hijack This> click "open the misc. tool section"> click "open uninstall manager"> click "save list"> click "save"> click "yes"> post that log please. Update your java as soon as possible, this is how you got infected. Download the latest version of http://java.sun.com/javase/downloads/index.jsp Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed . Then from your desktop double-click on jre-1_6_0-windowsi586-p.exe to install the newest version.

OK, I was able to complete everything in the instructions, except the O10 object in the Hijack This list. It gave me this message: ******************* HijackThis cannot repair O10 Winsock LSP entries. You should use LSPFix for that, which is available from http://www.cexx.org/lspfix.htm. If the O10 item belongs to WebHancer, New.Net or CommonName, Spybot S&D can remove it automatically. Spybot S&D is available from http://www.spybot.info/. ******************** Is this a big deal? Anyway, I will post the three logs requested (AVG antispyware, Combofix, Hijack This uninstall list).

"**** *****" - 07-04-27 23:12:25 Service Pack 2 [SAFE MODE] ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\**** *****\Desktop\" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\qoobox\purity\C\DOCUME~1 C:\qoobox\purity\C\DOCUME~1\JOHNMO~1 C:\qoobox\purity\C\DOCUME~1\JOHNMO~1\APPLIC~1 C:\qoobox\purity\C\DOCUME~1\JOHNMO~1\APPLIC~1\SEMBLY~1 C:\qoobox\purity\C\DOCUME~1\JOHNMO~1\APPLIC~1\SSTEM3~1 ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_CMDSERVICE -------\LEGACY_NETWORK_MONITOR ((((((((((((((((((((((((((((((( Files Created from 2007-03-27 to 2007-04-27 )))))))))))))))))))))))))))))))))) 2007-04-27 22:22 <DIR> d-------- C:\!KillBox 2007-04-27 22:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-04-26 19:27 <DIR> d-------- C:\WINDOWS\iiqf 2007-04-26 19:27 <DIR> d-------- C:\Program Files\Common Files\iiqf 2007-04-26 19:12 <DIR> d--hs---- C:\WINDOWS\Sm9obiBNb29yZQ 2007-04-24 23:05 <DIR> d-------- C:\VundoFix Backups 2007-04-24 13:50 1,382,840 ---hs---- C:\WINDOWS\system32\bdeeg.bak2 2007-04-24 12:17 1,382,565 ---hs---- C:\WINDOWS\system32\abadd.bak1 2007-04-24 12:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ErrorProtector Free 2007-04-19 22:27 <DIR> d-------- C:\Program Files\foobar2000 2007-04-19 22:27 <DIR> d-------- C:\DOCUME~1\JOHNMO~1\APPLIC~1\foobar2000 2007-04-08 09:39 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2007-04-08 09:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet 2007-04-06 23:53 <DIR> d-------- C:\WINDOWS\ASTULogTemp 2007-03-28 00:32 <DIR> d-------- C:\Program Files\Windows Mobile DST07 Updates 2007-03-27 23:51 <DIR> d-------- C:\Program Files\MSECache (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-27 22:06 -------- d-------- C:\Program Files\ewido anti-spyware 4.0 2007-04-27 21:07 -------- d-------- C:\DOCUME~1\JOHNMO~1\APPLIC~1\utorrent 2007-04-27 00:05 -------- d-------- C:\Program Files\spywareblaster 2007-03-28 00:25 -------- d-------- C:\Program Files\microsoft activesync 2007-03-28 00:03 2528 --a------ C:\DOCUME~1\JOHNMO~1\APPLIC~1\$_hpcst$.hpc 2007-03-27 07:57 -------- d---s---- C:\Program Files\xfire 2007-03-27 07:37 -------- d-------- C:\DOCUME~1\JOHNMO~1\APPLIC~1\xfire 2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-14 08:45 -------- d-------- C:\Program Files\utorrent 2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys 2007-03-07 14:00 -------- d-------- C:\Program Files\world of warcraft 2007-02-23 00:29 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-02-23 00:29 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SoundFusion"="RunDll32 hercplgs.cpl,BootEntryPoint" "McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey" "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" "HGTXPEI"="C:\\WINDOWS\\System32\\FirstReboot.exe" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE" "Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\tbmon.exe\"" "CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime" "hpfsched"="C:\\WINDOWS\\hpfsched.exe" "Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\"" @="" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Steam"="" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\Wcescomm.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Acrobat Assistant.lnk" "backup"="C:\\WINDOWS\\pss\\Acrobat Assistant.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Distillr\\AcroTray.exe " "item"="Acrobat Assistant" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.exe " "item"="Adobe Gamma Loader" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^University Of Cincinnati VPN Client.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\University Of Cincinnati VPN Client.lnk" "backup"="C:\\WINDOWS\\pss\\University Of Cincinnati VPN Client.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\UCVPN\\IPSECD~1.exe \"-run_only_if_connected\" \"-auto_initiation\"" "item"="University Of Cincinnati VPN Client" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^**** *****^Start Menu^Programs^Startup^Skyscape smARTupdate.lnk] "path"="C:\\Documents and Settings\\**** *****\\Start Menu\\Programs\\Startup\\Skyscape smARTupdate.lnk" "backup"="C:\\WINDOWS\\pss\\Skyscape smARTupdate.lnkStartup" "location"="Startup" "command"="C:\\PROGRA~1\\COMMON~1\\Skyscape\\SMARTU~1.exe " "item"="Skyscape smARTupdate" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="launchpd" "hkey"="HKCU" "command"="\"C:\\Program Files\\ATI Multimedia\\main\\launchpd.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ATIRW" "hkey"="HKCU" "command"="C:\\Program Files\\ATI Multimedia\\RemCtrl\\ATIRW.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ctfmon" "hkey"="HKCU" "command"="C:\\WINDOWS\\system32\\ctfmon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DrgToDsc" "hkey"="HKLM" "command"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EngUtil" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ViewMgr" "hkey"="HKLM" "command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dfd7ce0-bb5e-11da-be74-00508df191e0}] Shell\AutoRun\command G:\JDSecure\Windows\JDSecure20.exe ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-04-27 23:14:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-27 23:14:19 C:\ComboFix-quarantined-files.txt ... 07-04-27 23:14

AVG Anti-Spyware - Scan Report + Created at: 11:10:51 PM 4/27/2007 + Scan result: C:\VundoFix Backups\jkklmlk.dll.bad -> Adware.Virtumonde : Cleaned. C:\VundoFix Backups\urqrpol.dll.bad -> Adware.Virtumonde : Cleaned. C:\Documents and Settings\John Moore\Local Settings\Temp\temp.fr982C\Programs\webhdll.dll -> Adware.WebHancer : Cleaned. C:\WINDOWS\b129.exe -> Adware.WebHancer : Cleaned. C:\System Volume Information\_restore{1248AAFE-640A-43EC-8316-DA649BAA3184}\RP795\A0129256.exe -> Downloader.Agent.bls : Cleaned. C:\WINDOWS\retadpu2000219.exe.tmp -> Downloader.Agent.bls : Cleaned. C:\Documents and Settings\John Moore\Local Settings\Temp\sdexe.exe -> Downloader.PurityScan.ee : Cleaned. C:\WINDOWS\b104.exe -> Downloader.Small.buy : Cleaned. C:\Program Files\Common Files\iiqf\iiqfd\vocabulary -> Downloader.TSUpdate.j : Cleaned. C:\WINDOWS\b103.exe -> Downloader.TSUpdate.o : Cleaned. :mozilla.83:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.86:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.87:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.88:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.91:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.92:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.93:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.801:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned. :mozilla.374:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.375:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.802:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Burstnet : Cleaned. :mozilla.715:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Clickhype : Cleaned. :mozilla.166:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.167:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.168:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.169:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.170:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.171:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.172:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.173:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.174:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.27:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.28:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.29:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.30:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Falkag : Cleaned. :mozilla.505:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.506:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.285:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.286:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.287:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.288:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.306:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.307:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.761:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.762:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.39:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Netflame : Cleaned. :mozilla.40:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Netflame : Cleaned. :mozilla.847:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Paypal : Cleaned. :mozilla.308:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.309:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.310:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.312:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.313:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.318:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.145:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.146:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.151:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.152:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.153:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.154:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.155:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.156:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.157:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.158:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.159:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.160:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.161:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.162:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.163:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.164:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.165:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.176:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.177:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.178:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.179:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.180:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.181:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.182:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.183:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.184:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.185:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.186:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.716:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.209:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.210:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.211:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.212:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.213:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.216:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.311:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.314:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.315:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.316:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.317:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.319:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.686:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Vortexmediagroup : Cleaned. :mozilla.745:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Webtrends : Cleaned. :mozilla.709:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Yadro : Cleaned. :mozilla.289:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.290:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.291:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.292:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.293:C:\Documents and Settings\John Moore\Application Data\Mozilla\Firefox\Profiles\default.mkb\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. C:\WINDOWS\Sm9obiBNb29yZQ\mA6Cv21hvZ6Vtk.vbs -> Trojan.Small : Cleaned. ::Report end