Virusbursters and Spyheal

Computing.Net > Forums > Security and Virus > Virusbursters and Spyheal

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Virusbursters and Spyheal

Name: zepplin30
Date: November 10, 2006 at 19:24:09 Pacific
OS: XP with SP2
CPU/Ram: .
Product: emachine

Comment:

I have the annoying pop ups and icons in my tray from virusbursters and Spyheal. I have tried everything but am ready to admit defeat. Can someone please help me get rid of these programs. Here is my HJT log. Oh I am not supposed to do that until I am asked. I bet I will be asked next right?

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: November 10, 2006 at 19:31:06 Pacific

Reply:

Rename hijackthis.exe as that sometime helps locate the baddies. Go to start> search> files and folders> type in the top space "hijackthis.exe" without the quotes> click search> when it is found in the right pane (looks like a pile of dynamite)>right click on it> click rename> rename it "show.exe" without the quotes> click a blank space on the screen.
Please download SmitRemFix from this link http://siri.urz.free.fr/Fix/SmitfraudFix.zip Then extract the contents to your desktop.
!!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Response Number 2

Name: zepplin30
Date: November 10, 2006 at 20:02:39 Pacific

Reply:

Ok thanks. Here it is.
SmitFraudFix v2.120
Scan done at 22:00:59.42, Fri 11/10/2006
Run from C:\Documents and Settings\Andy\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\okkmtv.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Andy

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Andy\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Andy\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\iVideoCodec\ FOUND !
C:\Program Files\VirusBursters\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"
[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Response Number 3

Name: jabuck
Date: November 10, 2006 at 20:10:49 Pacific

Reply:

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt also post back with a Hijack This log.
Go to start> control panel> add remove programs and uninstall Spyheal if found.
Please download ComboFix to the desktop from this link:
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the combofix.txt log.

Response Number 4

Name: zepplin30
Date: November 10, 2006 at 20:36:36 Pacific

Reply:

Ok here they are, and thanks again!
COMBOFIX
Andy - 06-11-10 22:27:13.89 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Andy\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-10-10 to 2006-11-10 ))))))))))))))))))))))))))))))))))

2006-11-10 22:01 1,960 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-08 18:43 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2006-11-08 18:43 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-08 17:53 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-10-27 15:09 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 13:05 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:58 61,952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 266,752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:27 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-10 22:25 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-10 20:42 -------- d-------- C:\Program Files\Roguescanfix
2006-11-10 20:03 -------- d-------- C:\Program Files\XoftSpySE
2006-11-10 08:44 -------- d-------- C:\Program Files\PokerStars
2006-11-08 19:27 -------- d-------- C:\Program Files\Enigma Software Group
2006-11-08 18:33 -------- d-------- C:\Program Files\SpywareHeal
2006-11-08 18:07 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-11-08 18:00 -------- d-------- C:\Program Files\Internet Explorer
2006-11-07 18:58 -------- d-------- C:\Program Files\AWS
2006-11-07 18:57 -------- d-------- C:\Program Files\a-squared Free
2006-10-27 20:46 -------- d-------- C:\Program Files\Sierra On-Line
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-15 16:45 -------- d-------- C:\Program Files\CCleaner
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 09:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 05:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"Zango SiteFinder"="\"C:\\Program Files\\Zango SiteFinder\\ZangoSiteFinder.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SpyHunter"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BigFix.lnk"
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BigFix\\BigFix.exe /atstartup"
"item"="BigFix"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk"
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MyWay\\bar\\3.bin\\MWSOEMON.exe "
"item"="MyWebSearch Email Plugin"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andy^Start Menu^Programs^Startup^HotSync Manager.lnk]
"path"="C:\\Documents and Settings\\Andy\\Start Menu\\Programs\\Startup\\HotSync Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\SONYHA~1\\HOTSYNC.exe "
"item"="HotSync Manager"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andy^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
"path"="C:\\Documents and Settings\\Andy\\Start Menu\\Programs\\Startup\\PowerReg SchedulerV2.exe"
"backup"="C:\\WINDOWS\\pss\\PowerReg SchedulerV2.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Andy\\Start Menu\\Programs\\Startup\\PowerReg SchedulerV2.exe"
"item"="PowerReg SchedulerV2"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mHotkey"
"hkey"="HKLM"
"command"="mHotkey.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conscorr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="conscorr"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\conscorr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EbatesMoeMoneyMaker0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Ebates_MoeMoneyMaker\\EbatesMoeMoneyMaker0.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Enh Win Updt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="enhupdt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\enhupdt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C64 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I2C1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2C1.exe /P23 \"EPSON Stylus C64 Series\" /O6 \"USB002\" /M \"Stylus C64\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LXSUPMON"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\LXSUPMON.exe RUN"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnappau"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\MSN Apps\\Updater\\01.03.0000.1005\\en-us\\msnappau.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwsoemon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MyWay\\bar\\3.bin\\mwsoemon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oooyjc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="feavjqk"
"hkey"="HKLM"
"command"="c:\\windows\\system32\\feavjqk.exe r"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\satmat]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="satmat"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\satmat.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Stopzilla"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\STOPzilla!\\Stopzilla.exe\" /autorun"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\WeatherCast\\Weather.exe\" /q"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebRebates0"
"hkey"="HKLM"
"command"="C:\\Program Files\\Web_Rebates\\WebRebates0.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Andy.job
C:\WINDOWS\tasks\XoftSpySE.job
Completion time: 06-11-10 22:32:27.57
C:\ComboFix.txt ... 06-11-10 22:32

SMITFRAUDFIX

SmitFraudFix v2.120
Scan done at 22:19:38.40, Fri 11/10/2006
Run from C:\Documents and Settings\Andy\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

HJT

Logfile of HijackThis v1.99.1
Scan saved at 10:36:07 PM, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Documents and Settings\Andy\Desktop\show.exe.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zango SiteFinder] "C:\Program Files\Zango SiteFinder\ZangoSiteFinder.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/gam...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Response Number 5

Name: jabuck
Date: November 10, 2006 at 21:17:59 Pacific

Reply:

Go to add/ remove programs and remove these programs if found:
MyWebSearch
Zango
Zango Cash
WebRebates
Weatherbug
XoftSpySE
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode
Download and install AVG Anti-Spyware We will need this later in safe mode
Be sure to update AVG Anti- Spyware
Download Killbox to your desktop from this link Killbox by Option^Explicit. If you already have "Killbox" update to this newer version. We will need it later in safe mode
Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zango SiteFinder] "C:\Program Files\Zango SiteFinder\ZangoSiteFinder.exe"
Exit Hijack This but remain in safe mode.
Run killbox from safe mode.
Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Program files\MyWay\bar\3.bin\MWSOEMON.exe
C:\WINDOWS\conscorr.exe
C:\WINDOWS\enhupdt.exe
c:\windows\system32\feavjqk.exe
C:\WINDOWS\satmat.exe
Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let us know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

Next reboot into safe mode and navigate to and delete these files if found and to make sure Killbox deleted them:
C:\Program files\MyWay\bar\3.bin\MWSOEMON.exe
C:\WINDOWS\conscorr.exe
C:\WINDOWS\enhupdt.exe
c:\windows\system32\feavjqk.exe
C:\WINDOWS\satmat.exe
From safe mode navigate to and delete these folders:
C:\Program files\MyWay
C:\Program Files\XoftSpySE
C:\Program Files\SpywareHeal
C:\Program Files\AWS
Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Post the AVG-AntiSpyware log on your desktop,a new combofix log and a hijack This log please.

hp protect tools windows 7 microsoft multimedia keyboard 1.0a intel extreme graphics 2 driver WAN Miniport (ATW) microsoft multimedia keyboard 1.0a driver download philips pca300ps plus delux keyboard C:\Windows\System32\msxml3.dll Realtek AC'97 Audio wan miniport atw driver	epson cx3100 software odin software full form Apple Service Diagnostic ipod formatting lexmark 2600 music editing freeware stat command kill process script sed blank space kill process cmd
See More

Response Number 6

Name: zepplin30
Date: November 11, 2006 at 11:28:04 Pacific

Reply:

Ok first I went to add/remove programs and the only one there was XoftSpySE so I uninstalled it, though it still remains on my desktop.
Next I ran HJT and fixed the 2 files you specified.
Next I ran KillBox. After running I did recieve a message "PendingFileRenameOperations-Registry Data has been removed by external process" After rebooting I couldn't find any of the files you asked me to look for. I found a C:\WINDOWS\satmat.ini but not the same file with an .exe extension.
Next you asked me to find and delete 4 folders. I was able to locate and delete two of them....C:\Program Files\SpywareHeal and C:\Program Files\AWS. Did not see C:\Program Files\MyWay or C:\Program Files\XoftSpySE
Here are the HJT, combofix, and AVG AS logs.

HJT
Logfile of HijackThis v1.99.1
Scan saved at 1:08:38 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Andy\Desktop\show.exe.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/gam...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
COMBOFIX
Andy - 06-11-11 13:10:09.48 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Andy\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-10-11 to 2006-11-11 ))))))))))))))))))))))))))))))))))

2006-11-11 11:44 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-11 10:58 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-11 10:58 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-11 10:58 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-11 10:58 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-11 10:58 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-10 22:01 1,960 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-08 18:43 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2006-11-08 18:43 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-08 17:53 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-10-27 15:09 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 13:05 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:58 61,952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 266,752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:27 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-11 11:44 -------- d-------- C:\Program Files\Grisoft
2006-11-11 11:40 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-11 11:00 -------- d-------- C:\Documents and Settings\Andy\Application Data\AVG7
2006-11-11 01:24 -------- d-------- C:\Program Files\PokerStars
2006-11-10 20:42 -------- d-------- C:\Program Files\Roguescanfix
2006-11-08 19:27 -------- d-------- C:\Program Files\Enigma Software Group
2006-11-08 18:07 -------- d---s---- C:\Documents and Settings\Andy\Application Data\Microsoft
2006-11-08 18:07 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-11-08 18:00 -------- d-------- C:\Program Files\Internet Explorer
2006-11-07 18:58 -------- d-------- C:\Documents and Settings\Andy\Application Data\Lycos
2006-11-07 18:57 -------- d-------- C:\Program Files\a-squared Free
2006-10-27 20:46 -------- d-------- C:\Program Files\Sierra On-Line
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-15 16:45 -------- d-------- C:\Program Files\CCleaner
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 09:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 05:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SpyHunter"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BigFix.lnk"
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BigFix\\BigFix.exe /atstartup"
"item"="BigFix"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk"
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MyWay\\bar\\3.bin\\MWSOEMON.exe "
"item"="MyWebSearch Email Plugin"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andy^Start Menu^Programs^Startup^HotSync Manager.lnk]
"path"="C:\\Documents and Settings\\Andy\\Start Menu\\Programs\\Startup\\HotSync Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\SONYHA~1\\HOTSYNC.exe "
"item"="HotSync Manager"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andy^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
"path"="C:\\Documents and Settings\\Andy\\Start Menu\\Programs\\Startup\\PowerReg SchedulerV2.exe"
"backup"="C:\\WINDOWS\\pss\\PowerReg SchedulerV2.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Andy\\Start Menu\\Programs\\Startup\\PowerReg SchedulerV2.exe"
"item"="PowerReg SchedulerV2"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mHotkey"
"hkey"="HKLM"
"command"="mHotkey.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conscorr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="conscorr"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\conscorr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EbatesMoeMoneyMaker0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Ebates_MoeMoneyMaker\\EbatesMoeMoneyMaker0.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Enh Win Updt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="enhupdt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\enhupdt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C64 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I2C1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2C1.exe /P23 \"EPSON Stylus C64 Series\" /O6 \"USB002\" /M \"Stylus C64\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LXSUPMON"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\LXSUPMON.exe RUN"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnappau"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\MSN Apps\\Updater\\01.03.0000.1005\\en-us\\msnappau.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwsoemon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MyWay\\bar\\3.bin\\mwsoemon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oooyjc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="feavjqk"
"hkey"="HKLM"
"command"="c:\\windows\\system32\\feavjqk.exe r"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\satmat]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="satmat"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\satmat.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Stopzilla"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\STOPzilla!\\Stopzilla.exe\" /autorun"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\WeatherCast\\Weather.exe\" /q"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebRebates0"
"hkey"="HKLM"
"command"="C:\\Program Files\\Web_Rebates\\WebRebates0.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Andy.job
Completion time: 06-11-11 13:12:14.81
C:\ComboFix.txt ... 06-11-11 13:12
C:\ComboFix2.txt ... 06-11-10 22:32

AVG AS
AVG Anti-Spyware - Scan Report

+ Created at: 1:02:44 PM 11/11/2006
+ Scan result:
C:\temp\ZangoInstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-705129307-334150648-1245802468-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelvis\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelvis\Start Menu\Programs\WhenU\Learn More About Save!.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelvis\Start Menu\Programs\WhenU\Learn More About SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelvis\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Start Menu\Programs\WeatherCast -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Start Menu\Programs\WeatherCast\WeatherCast.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Sarbear\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Sarbear\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Sarbear\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Sarbear\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Cleaned with backup (quarantined).
C:\Program Files\Lazy f---erz.zip/Lazy f---erz/Lazy f---erz!/Lazyf---ers!.exe -> Backdoor.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\ipod\Local Settings\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\Cache\B23E4567d01 -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.163:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Andy\Cookies\andy@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.166:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.167:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.168:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.18:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.355:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.356:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.357:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Abetterinternet : Cleaned.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Abetterinternet : Cleaned.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Abetterinternet : Cleaned.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Abetterinternet : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Abetterinternet : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Abetterinternet : Cleaned.
:mozilla.123:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.124:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.117:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.123:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.124:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.125:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.127:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.128:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.173:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.358:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.359:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.360:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.37:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.42:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.43:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.44:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.45:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.46:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.197:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.198:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.332:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.333:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.334:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.20:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.109:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.19:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\4wwo0qqz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.25:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.33:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.41:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.62:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.131:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.175:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.176:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.177:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.209:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.210:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.347:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.67:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.120:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.121:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.16:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\4wwo0qqz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.17:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\4wwo0qqz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.18:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\4wwo0qqz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.47:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.48:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.49:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.50:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.70:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Cliks : Cleaned.
:mozilla.43:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.94:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.147:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.15:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\4wwo0qqz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.30:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.33:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.37:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.107:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.108:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.109:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.110:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.111:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.112:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.113:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.114:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.115:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.116:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.117:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.118:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.36:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.115:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.116:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.71:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.72:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.73:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.74:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.129:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.73:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.87:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.88:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.89:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.90:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.132:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.190:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.191:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.24:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.139:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.140:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.219:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.220:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.236:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.75:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.76:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.77:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.235:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.155:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.156:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.157:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.158:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.39:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.40:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.41:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.42:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uw5h907i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.63:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.64:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.65:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.66:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.246:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.247:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.145:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.146:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.248:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.46:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.47:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.48:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.11:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.12:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.13:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.14:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.15:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.131:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.122:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.281:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.282:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.283:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.284:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.66:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.85:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.86:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.118:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.119:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.162:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.79:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.171:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.17:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.18:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.19:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.20:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.291:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.292:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.73:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.74:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.296:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.111:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.122:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.126:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.297:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.298:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.56:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.57:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.58:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.59:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.60:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.61:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.62:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.63:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.64:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.175:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.26:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.27:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.28:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.29:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.302:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.31:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.32:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.34:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\9xvwb5ky.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.52:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.53:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.54:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.55:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.8:C:\Documents and Settings\ipod\Application Data\Mozilla\Firefox\Profiles\2o2xv6qz.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.21:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.26:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.26:C:\Documents and Settings\Sarbear\Application Data\Mozilla\Firefox\Profiles\52i3cdl6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Kelvis\Application Data\Mozilla\Firefox\Profiles\4b2tpfsv.default\cookies.txt -> TrackingCookie.Yieldmanager

Response Number 7

Name: jabuck
Date: November 11, 2006 at 13:06:40 Pacific

Reply:

Looks much better.
Reboot into safe mode.
Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.
From safe mode navigate to and delete these files if found:
C:\Program Files\MyWay\bar\3.bin\MWSOEMON.exe
C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
Then navigate to and delete this folder if found:
C:\Program Files\MyWay
Reboot to normal mode.
Open notepad (Start Menu > Run > Type notepad and press "ok".
Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conscorr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker0]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Enh Win Updt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oooyjc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\satmat]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it Fix.reg then save it to your desktop.
Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.
Please download Dr Web CureIt to your desktop from this link ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Doubleclick the drweb-cureit.exe file and Allow to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives.
A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable.
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log on your desktop.
Post a new combofix log please.

Response Number 8

Name: zepplin30
Date: November 11, 2006 at 15:42:50 Pacific

Reply:

Ok. I found and deleted the file named C:\WINDOWS\pss\MyWebSearch Email Plugin.inkcommonstartup No luck with the other file or the folder. Here are the logs. Thanks again for all your time and help! Its appreciated greatly.
DR.WEB
Process.exe;C:\Documents and Settings\Andy\Desktop\SmitfraudFix\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Andy\Desktop\SmitfraudFix\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
Process.exe;C:\Documents and Settings\Andy\Desktop\smitRem;Tool.Prockill;Incurable.Moved.;
SmileyCentralBetaSetup1.1.2.4-3.exe;C:\Documents and Settings\Kelvis\Desktop\misc;Adware.MWS;Incurable.Moved.;
npclntax.dll;C:\Program Files\Common Files\csshare\plugins;Adware.Zango;Incurable.Moved.;
npclntax.dll;C:\Program Files\Common Files\csshare\plugins0942;Adware.Zango;Incurable.Moved.;
npclntax.dll;C:\Program Files\Netscape\Netscape 6\Plugins;Adware.Zango;Incurable.Moved.;
Process.exe;C:\Program Files\Roguescanfix;Tool.Prockill;Incurable.Moved.;
A0000041.dll;C:\System Volume Information\_restore{6F4AEB76-DDEB-42B0-AEB8-23BE31C01CA6}\RP1;Adware.Minibug;Incurable.Moved.;
A0000042.dll;C:\System Volume Information\_restore{6F4AEB76-DDEB-42B0-AEB8-23BE31C01CA6}\RP1;Adware.Zango;Incurable.Moved.;
Andy - 06-11-11 17:30:17.50 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Andy\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-10-11 to 2006-11-11 ))))))))))))))))))))))))))))))))))

2006-11-11 11:44 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-11 10:58 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-11 10:58 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-11 10:58 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-11 10:58 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-11 10:58 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-10 22:01 1,960 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-08 18:43 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2006-11-08 18:43 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-08 17:53 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-10-27 15:09 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 13:05 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:58 61,952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 266,752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:27 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-11 15:58 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-11 15:57 -------- d-------- C:\Program Files\Enigma Software Group
2006-11-11 11:44 -------- d-------- C:\Program Files\Grisoft
2006-11-11 11:00 -------- d-------- C:\Documents and Settings\Andy\Application Data\AVG7
2006-11-11 01:24 -------- d-------- C:\Program Files\PokerStars
2006-11-10 20:42 -------- d-------- C:\Program Files\Roguescanfix
2006-11-08 18:07 -------- d---s---- C:\Documents and Settings\Andy\Application Data\Microsoft
2006-11-08 18:07 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-11-08 18:00 -------- d-------- C:\Program Files\Internet Explorer
2006-11-07 18:58 -------- d-------- C:\Documents and Settings\Andy\Application Data\Lycos
2006-11-07 18:57 -------- d-------- C:\Program Files\a-squared Free
2006-10-27 20:46 -------- d-------- C:\Program Files\Sierra On-Line
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-15 16:45 -------- d-------- C:\Program Files\CCleaner
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 09:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 05:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BigFix.lnk"
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BigFix\\BigFix.exe /atstartup"
"item"="BigFix"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk"
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MyWay\\bar\\3.bin\\MWSOEMON.exe "
"item"="MyWebSearch Email Plugin"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andy^Start Menu^Programs^Startup^HotSync Manager.lnk]
"path"="C:\\Documents and Settings\\Andy\\Start Menu\\Programs\\Startup\\HotSync Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\SONYHA~1\\HOTSYNC.exe "
"item"="HotSync Manager"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andy^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
"path"="C:\\Documents and Settings\\Andy\\Start Menu\\Programs\\Startup\\PowerReg SchedulerV2.exe"
"backup"="C:\\WINDOWS\\pss\\PowerReg SchedulerV2.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Andy\\Start Menu\\Programs\\Startup\\PowerReg SchedulerV2.exe"
"item"="PowerReg SchedulerV2"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mHotkey"
"hkey"="HKLM"
"command"="mHotkey.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C64 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I2C1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2C1.exe /P23 \"EPSON Stylus C64 Series\" /O6 \"USB002\" /M \"Stylus C64\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LXSUPMON"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\LXSUPMON.exe RUN"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnappau"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\MSN Apps\\Updater\\01.03.0000.1005\\en-us\\msnappau.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Stopzilla"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\STOPzilla!\\Stopzilla.exe\" /autorun"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Andy.job
Completion time: 06-11-11 17:34:36.92
C:\ComboFix.txt ... 06-11-11 17:34
C:\ComboFix2.txt ... 06-11-11 13:12
C:\ComboFix3.txt ... 06-11-10 22:32

Response Number 9

Name: jabuck
Date: November 11, 2006 at 16:35:17 Pacific

Reply:

Open notepad (Start Menu > Run > Type notepad and press "ok".
Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\MyWebSearch Email Plugin.lnk]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it Fix.reg then save it to your desktop.
Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.
Post one more Combofix log.
Do you seem to be running better?

Response Number 10

Name: zepplin30
Date: November 14, 2006 at 16:38:42 Pacific

Reply:

Hey. Sorry but I had a few xtra days off work so I took advantage and got away for a few days and havent been online. Well the viruses seem to be gone as well as the pop-ups, though my computer seems to be running abnormally slow. Lemme get rid of some of the excess crap as well as some of the programs I have downloaded during this ordeal, defrag, and see what happens.
This computer is a shared computer at my house. My sister, her boyfriend, and any guests we have all use this computer. On my computer, I run Norton, Spybot S&D, and ad-aware se. I have never had any problems though I also use safe and practical internet practices. Anyway, I was wondering if you though the Spybot, Ad-Aware, AVG anti-spyware combo, if run regurly on here would help keep things running more smoothly. I have heard mixed responses on these freeware programs. Like I said before, combined with norton on my laptop, they seem to be working well though, again, generally stay on "trusted sites" and don't really download much.
Ok well let me know what you think and thank you so much again for all your help. Here is the most recent combofix log:

Andy - 06-11-14 18:24:23.34 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Andy\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-10-14 to 2006-11-14 ))))))))))))))))))))))))))))))))))

2006-11-11 11:44 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-11 10:58 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-11 10:58 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-11 10:58 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-11 10:58 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-11 10:58 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-10 22:01 1,960 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-08 18:43 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2006-11-08 18:43 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-08 17:53 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-10-27 15:09 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 13:05 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:58 61,952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 266,752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:27 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-14 18:24 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-14 18:09 -------- d-------- C:\Documents and Settings\Andy\Application Data\AVG7
2006-11-13 15:35 -------- d-------- C:\Program Files\PokerStars
2006-11-11 15:57 -------- d-------- C:\Program Files\Enigma Software Group
2006-11-11 11:44 -------- d-------- C:\Program Files\Grisoft
2006-11-10 20:42 -------- d-------- C:\Program Files\Roguescanfix
2006-11-08 18:07 -------- d---s---- C:\Documents and Settings\Andy\Application Data\Microsoft
2006-11-08 18:07 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-11-08 18:00 -------- d-------- C:\Program Files\Internet Explorer
2006-11-07 18:58 -------- d-------- C:\Documents and Settings\Andy\Application Data\Lycos
2006-11-07 18:57 -------- d-------- C:\Program Files\a-squared Free
2006-10-27 20:46 -------- d-------- C:\Program Files\Sierra On-Line
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-15 16:45 -------- d-------- C:\Program Files\CCleaner
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 09:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 05:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BigFix.lnk"
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BigFix\\BigFix.exe /atstartup"
"item"="BigFix"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk"
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MyWay\\bar\\3.bin\\MWSOEMON.exe "
"item"="MyWebSearch Email Plugin"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andy^Start Menu^Programs^Startup^HotSync Manager.lnk]
"path"="C:\\Documents and Settings\\Andy\\Start Menu\\Programs\\Startup\\HotSync Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\SONYHA~1\\HOTSYNC.exe "
"item"="HotSync Manager"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andy^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
"path"="C:\\Documents and Settings\\Andy\\Start Menu\\Programs\\Startup\\PowerReg SchedulerV2.exe"
"backup"="C:\\WINDOWS\\pss\\PowerReg SchedulerV2.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Andy\\Start Menu\\Programs\\Startup\\PowerReg SchedulerV2.exe"
"item"="PowerReg SchedulerV2"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mHotkey"
"hkey"="HKLM"
"command"="mHotkey.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C64 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I2C1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2C1.exe /P23 \"EPSON Stylus C64 Series\" /O6 \"USB002\" /M \"Stylus C64\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LXSUPMON"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\LXSUPMON.exe RUN"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnappau"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\MSN Apps\\Updater\\01.03.0000.1005\\en-us\\msnappau.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Stopzilla"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\STOPzilla!\\Stopzilla.exe\" /autorun"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Andy.job
Completion time: 06-11-14 18:28:34.20
C:\ComboFix.txt ... 06-11-14 18:28
C:\ComboFix2.txt ... 06-11-11 17:34
C:\ComboFix3.txt ... 06-11-11 13:12

Response Number 11

Name: jabuck
Date: November 14, 2006 at 16:57:06 Pacific

Reply:

Is there more than one user profile on the computer?
Open Hijack This> click "open misc. tools section"> click "open uninstall manager">click "save list"> click save> post that list please.

Response Number 12

Name: zepplin30
Date: November 14, 2006 at 17:37:22 Pacific

Reply:

Yes there are about 5. 3 of them are used often, the other 2 seldom.

Response Number 13

Name: zepplin30
Date: November 14, 2006 at 17:43:51 Pacific

Reply:

Here's the list.....forgot last post.

56Kbps Internal Modem
Actiontec Gateway
Ad-Aware SE Personal
Adobe Acrobat 5.0
AOL Instant Messenger
AOL Toolbar 2.0
a-squared Free 2.1
Avanquest update
AvantGo Client
AVG Anti-Spyware 7.5
AVG Free Edition
BigFix
ccCommon
CCleaner (remove only)
CompuServe
Destiny Media Player
DSC3000 Drivers
DSC3000(Documents)
EPSON Printer Software
Full Tilt Poker.Net
Handmark Solitaire
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
ICQ
Intel(R) Extreme Graphics Driver Software
InterActual Player
Internet Worm Protection
iPod for Windows 2005-09-23
iPod for Windows 2005-11-17
iPod for Windows 2006-01-10
iPod Updater 2004-11-15
IrfanView (remove only)
iTunes
iVocalize Internet Conference 3
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
Kinoma Producer for Palm, Inc.
Lexmark Supplies Monitor
Lexmark Z25-Z35
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Messenger Plus! 3
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Works 6.0
Motorola Phone Tools
Mozilla Firefox (2.0)
MSN Music Assistant
Multimedia Keyboard Driver Ver1.1
My Wal-Mart Digital Photo Center
Netscape 6 (6.2.1)
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SCSSDist MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
OLYMPUS CAMEDIA Master 4.0
Palm Desktop
Philips PC Camera
PokerStars
Pop-Up Stopper Free Edition
PowerDVD
QuickTime
RealPlayer
Realtek AC'97 Audio
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Roguescanfix 1.5
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
ShortKeys Lite
SPBBC
Spybot - Search & Destroy 1.4
Symantec
Symantec Script Blocking Installer
SymNet
The Sims Deluxe Edition
Ulead DVD PictureShow 2 SE Basic
Ulead Photo Explorer 8.0 SE Basic
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Web Assistant
Winamp (remove only)
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Toolbar
Windows Live Toolbar
Windows Media Format Runtime
Windows Media Player 10
Windows Support Tools
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Without E - Winamp Visualization
Yahoo! Address AutoComplete
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
You Don't Know Jack The Ride

Sponsored Link

Ads by Google

Limite Website Access in ...

Avast on-access scanner m...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Virusbursters and Spyheal

vccodec virusburster pmsnger help

Summary

www.computing.net/answers/security/vccodec-virusburster-pmsnger-help/19839.html

Something crashing Word and MSN

Summary

www.computing.net/answers/security/something-crashing-word-and-msn/24397.html

help remove smitfraud-c. and others

Summary

www.computing.net/answers/security/help-remove-smitfraudc-and-others/21936.html

From the Geek Dictionary
user error - A polite way of saying, You've done something wrong and you wouldn't unders...

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 2 Days.
Discuss in The Lounge
Poll History

Recent Posts
wireless cards

Internet Connection

My Computer won't let me into the properties

Please can someone read my Hijackthis log?

End Program - n

All Awaiting Reply

Tom's News
Xbox Live Marketplace Getting Pets

Snoop Dogg Lends His Voice to GPS Navigation

Roomba Saves Family From Poisonous Snake

New Super Mario Bros. Wii Looks Great in 1080p

AT&T's Case Against Verizon Dismissed

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE