Inactive Battling PC Peformance and Stability Analysis Report Virus

[Eric72]

OK - that appeared to work just fine. Here are the results:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 31D100779DE502702C374F7C15687B56FCFD5528


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...

 

[Bobbye]

Okay, looks like you followed through and MBR is now fine.

Please give me an update on what problems remain and how the system is doing.

 

[Eric72]

The system seems to be running just fine again - thanks for all the help!

The only problem I notice now is in Internet Explorer - after a Google search, when I click on a resulting website link, IE takes me to a random advertisement page, instead of the website I clicked on. I assume some add-on got into IE during the infection. I could probably figure out a way to clean that up with some time. Got any immediate ideas?

Thanks again,
Eric

 

[Bobbye]

My 'immediate' idea is to tell you that you are now being redirected by malware when you search. I don't think this was an original problem:

I contracted the PC Performance and Stability Analysis Report Virus yesterday

My initial symptoms included multiple windows with warnings and error messages related to my OS, hard drive, memory, etc; no visible icons on the desktop; no visible programs nested within the Start button; black desktop background.

The above have been resolved- is that correct? Here's what I need now:

1. Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the the Perform Full Scan option is selected and then click on the Scan button.

When scan has finished, you will see this image:

• Click on OK to close box and continue.
• Click on the Show Results button.
• Click on the Remove Selected button to remove all the listed malware.
• At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.

============================================
2. DDS scan.
3. Combofix scan.

If either of the above does not run, please let me know the exact problem and/or error message.
======================================
The following may also help:
First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-------------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.

• Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
• Extract it to the directory on your hard drive you created C:\HijackThis.
• Then navigate to that directory and double-click on the hijackthis.exe file.
• When started click on the Scan button and then the Save Log button to create a log of your information.
• The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
====================================
Please leave logs from Malwarebytes, DDS (2 logs), Combofix, HijackThis in next reply
>OR<
If any of these will not run, I need to know what happens.

 

[Eric72]

Correct, all the initial symptoms I originally noted appear to have been resolved. I only noticed the Internet Explorer problem recently, as I began to test it with Google searches.

All of these latest scans appeared to function properly. I'll post the logs next.

 

[Eric72]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8200

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/21/2011 1:39:50 PM
mbam-log-2011-11-21 (13-39-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 527634
Time elapsed: 6 hour(s), 50 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mdhcp32 (Trojan.Winlogon) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\administrator\local settings\Temp\11FC.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\rer11FB.tmp (Trojan.Downloader.P2P) -> Quarantined and deleted successfully.
c:\tdsskiller_quarantine\07.11.2011_17.02.54\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\tdsskiller_quarantine\07.11.2011_17.02.54\mbr0000\tdlfs0000\tsk0015.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\tdsskiller_quarantine\07.11.2011_17.02.54\mbr0000\tdlfs0000\tsk0016.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.

 

[Eric72]

First dds log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Erik at 13:41:48 on 2011-11-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.722 [GMT -5:00]
.
AV: Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\DOCUME~1\Erik\LOCALS~1\Temp\clclean.0001
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-8cb0-ab60bb9aae22} - c:\progra~1\vol_to~1\VOL_TO~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111119165526.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-8cb0-ab60bb9aae22} - c:\progra~1\vol_to~1\VOL_TO~1.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [kwArigabQW.exe] c:\documents and settings\all users\application data\kwArigabQW.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B65361DB-7653-4E50-9999-D1226A9B3133} : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{CD3AD800-1A42-476C-9F22-1FA23D0716FB} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-7 464176]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-7 89792]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 214904]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-7 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-7 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-10-7 150856]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-7 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-7 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-7 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-10-7 83856]
S2 gupdate1ca857bbf3bd2a7;Google Update Service (gupdate1ca857bbf3bd2a7);c:\program files\google\update\GoogleUpdate.exe [2009-12-25 133104]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 214904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 214904]
S2 PEVSystemStart;PEVSystemStart;c:\friday\pev.3XE [2011-6-26 256000]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-7 57600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-25 133104]
S3 lac97inf;lac97inf;\??\c:\docume~1\erik\locals~1\temp\lac97inf.sys --> c:\docume~1\erik\locals~1\temp\lac97inf.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-10-7 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-7 87656]
S4 McOobeSv;McAfee OOBE Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 214904]
.
=============== Created Last 30 ================
.
2011-11-21 18:41:26 54016 ----a-w- c:\windows\system32\drivers\qwqq.sys
2011-11-20 01:57:47 -------- d-sh--w- c:\documents and settings\erik\IECompatCache
2011-11-16 01:11:16 -------- d-----w- c:\documents and settings\erik\local settings\application data\PCHealth
2011-11-09 22:29:56 296139 ----a-w- c:\windows\system32\shimg.dll
2011-11-09 19:45:38 -------- d-----w- c:\program files\ESET
2011-11-09 17:46:36 -------- d-s---w- C:\Friday
2011-11-08 21:21:06 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-11-08 21:20:37 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-11-08 21:19:41 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-11-08 21:18:27 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-08 21:17:43 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-11-08 21:13:45 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-11-08 21:13:07 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-11-07 23:19:53 -------- d-sha-r- C:\cmdcons
2011-11-07 23:04:48 98816 ----a-w- c:\windows\sed.exe
2011-11-07 23:04:48 518144 ----a-w- c:\windows\SWREG.exe
2011-11-07 23:04:48 256000 ----a-w- c:\windows\PEV.exe
2011-11-07 23:04:48 208896 ----a-w- c:\windows\MBR.exe
2011-11-07 22:05:16 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-07 21:07:46 446066 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-02 13:26:42 -------- d-----w- c:\documents and settings\erik\application data\Malwarebytes
2011-11-02 12:52:38 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-02 12:52:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-02 12:52:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-01 20:26:16 -------- d-----w- c:\windows\system32\scripting
2011-11-01 20:26:15 -------- d-----w- c:\windows\system32\en
2011-11-01 20:26:15 -------- d-----w- c:\windows\system32\bits
2011-11-01 19:12:38 -------- d-----w- c:\documents and settings\erik\local settings\application data\Citrix
2011-11-01 19:12:36 103720 ----a-w- c:\documents and settings\erik\GoToAssistDownloadHelper.exe
2011-11-01 19:06:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-01 19:06:18 423656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-30 12:04:57 -------- d-sh--w- c:\documents and settings\erik\PrivacIE
2011-10-30 12:03:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-30 11:59:04 -------- d-sh--w- c:\documents and settings\erik\IETldCache
2011-10-30 11:52:56 -------- d-----w- c:\windows\ie8updates
2011-10-30 11:47:44 -------- dc----w- c:\windows\ie8
2011-10-30 11:42:34 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-10-30 11:42:33 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-10-30 11:42:32 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
.
==================== Find3M ====================
.
2011-10-15 18:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 18:16:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-15 18:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 18:16:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-15 18:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 18:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 18:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 18:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 18:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 18:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:57:04.57 ===============

 

[Eric72]

Second dds log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/11/2006 9:28:05 PM
System Uptime: 11/20/2011 10:25:12 AM (27 hours ago)
.
Motherboard: Dell Inc. | | 0WG261
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 67.156 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1236: 8/24/2011 6:01:51 PM - System Checkpoint
RP1237: 8/26/2011 8:28:04 AM - System Checkpoint
RP1238: 8/27/2011 8:48:55 AM - System Checkpoint
RP1239: 8/28/2011 9:51:31 AM - System Checkpoint
RP1240: 8/29/2011 10:21:31 AM - System Checkpoint
RP1241: 8/30/2011 11:02:19 AM - System Checkpoint
RP1242: 8/31/2011 4:13:14 PM - System Checkpoint
RP1243: 9/1/2011 5:15:48 PM - System Checkpoint
RP1244: 9/3/2011 7:12:43 AM - System Checkpoint
RP1245: 9/6/2011 10:43:22 AM - System Checkpoint
RP1246: 9/7/2011 7:05:01 PM - System Checkpoint
RP1247: 9/8/2011 7:56:49 PM - System Checkpoint
RP1248: 9/12/2011 8:00:12 AM - System Checkpoint
RP1249: 9/14/2011 8:10:04 AM - System Checkpoint
RP1250: 9/15/2011 8:56:16 AM - System Checkpoint
RP1251: 9/15/2011 9:58:52 PM - Software Distribution Service 3.0
RP1252: 9/17/2011 8:59:09 AM - System Checkpoint
RP1253: 9/18/2011 10:13:13 AM - System Checkpoint
RP1254: 9/19/2011 3:31:03 PM - System Checkpoint
RP1255: 9/21/2011 7:12:58 AM - System Checkpoint
RP1256: 9/24/2011 11:26:46 AM - System Checkpoint
RP1257: 9/26/2011 7:48:33 AM - System Checkpoint
RP1258: 9/27/2011 8:54:05 AM - System Checkpoint
RP1259: 9/29/2011 7:24:16 AM - Software Distribution Service 3.0
RP1260: 9/30/2011 9:46:28 AM - System Checkpoint
RP1261: 10/1/2011 2:47:29 PM - System Checkpoint
RP1262: 10/7/2011 9:09:12 AM - System Checkpoint
RP1263: 10/11/2011 9:39:01 PM - Software Distribution Service 3.0
RP1264: 10/13/2011 10:19:01 AM - System Checkpoint
RP1265: 10/14/2011 11:03:27 AM - System Checkpoint
RP1266: 10/17/2011 7:55:23 AM - System Checkpoint
RP1267: 10/18/2011 9:22:42 AM - System Checkpoint
RP1268: 10/19/2011 9:58:59 AM - System Checkpoint
RP1269: 10/20/2011 10:52:25 AM - System Checkpoint
RP1270: 10/23/2011 6:32:57 PM - System Checkpoint
RP1271: 10/25/2011 7:12:02 AM - System Checkpoint
RP1272: 10/29/2011 11:29:57 AM - System Checkpoint
RP1273: 10/30/2011 7:48:48 AM - Installed Windows Internet Explorer 8.
RP1274: 10/30/2011 7:51:01 AM - Software Distribution Service 3.0
RP1275: 10/31/2011 10:11:32 PM - System Checkpoint
RP1276: 10/31/2011 10:19:19 PM - Software Distribution Service 3.0
RP1277: 11/1/2011 3:05:26 PM - Installed Java(TM) 6 Update 21
RP1278: 11/1/2011 3:41:12 PM - Software Distribution Service 3.0
RP1279: 11/1/2011 3:48:19 PM - Removed War Leaders - Clash of Nations
RP1280: 11/1/2011 3:52:39 PM - Software Distribution Service 3.0
RP1281: 11/7/2011 6:05:36 PM - ComboFix created restore point
RP1282: 11/15/2011 7:11:28 PM - Software Distribution Service 3.0
RP1283: 11/16/2011 11:36:23 AM - Software Distribution Service 3.0
RP1284: 11/19/2011 4:19:32 PM - Software Distribution Service 3.0
RP1285: 11/19/2011 10:45:00 PM - Software Distribution Service 3.0
RP1286: 11/20/2011 11:21:16 PM - System Checkpoint
RP1287: 11/21/2011 3:00:17 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
6200
6200_Help
6200Trb
Accessible FormNet Fill
Adobe Acrobat 9 Standard
Adobe Acrobat 9.4.6 - CPSID_83708
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player 11.5
Age of Empires III
AGEIA PhysX v2.4.4
AiO_Scan
AiOSoftware
American Civil War Gettysburg
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Axis & Allies
Blitzkrieg 2
Bonjour
BufferChm
Capitalism II
CCleaner
Civilization III - Gold Edition
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Defraggler
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Destinations
Digital Content Portal
Digital Line Detect
Director
DocProc
DocumentViewer
Empire Earth
ESET Online Scanner v3
ESPNMotion
Fax
GemMaster Mystic
Google AFE
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPSystemDiagnostics
InstantShare
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Iron Aces
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 21
John Deere American Farmer TM v1.0
Learn2 Player (Uninstall Only)
Linksys Wireless-G USB Network Adapter
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Macromedia Flash Player
Malwarebytes' Anti-Malware version 1.51.2.1300
MCU
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Basic Edition 2003
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch for Windows Media Player
NetZeroInstallers
PanoStandAlone
PhotoGallery
PowerDVD 5.5
Privateers Bounty - Age of Sail II
ProductContext
QFolder
QuickTime
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RPS CRT
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
ShopAtHome.com Toolbar
Sid Meier's Civilization 4
Sid Meier's Pirates!
SkinsHP1
Skype Toolbars
Skype™ 4.2
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Stronghold 2 Deluxe
Stronghold Crusader
TrayApp
TurboTax Deluxe 2005
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
TurboTax Premier Investments 2006
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URGE
Verizon Broadband Toolbar
Verizon Help and Support Tool
Verizon Internet Security Suite
Verizon Online Help and Support
Verizon Servicepoint 3.5.18
Viewpoint Media Player
Vz In Home Agent
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
11/21/2011 3:00:29 AM, error: NtServicePack [4373] - Windows XP KB2393802 installation failed.
An internal error occurred.
11/21/2011 1:42:29 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WUSB54GSv2SVC service.
11/20/2011 3:50:44 PM, error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 3 time(s).
11/20/2011 3:50:43 PM, error: Service Control Manager [7034] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 3 time(s).
11/20/2011 3:50:43 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 3 time(s).
11/20/2011 3:50:43 PM, error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
11/20/2011 3:50:43 PM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
11/20/2011 3:50:43 PM, error: Service Control Manager [7034] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s).
11/20/2011 3:50:43 PM, error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).
11/19/2011 8:06:11 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 2 time(s).
11/19/2011 8:06:11 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 8:06:11 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 8:06:11 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 8:06:11 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 8:06:11 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 8:06:11 PM, error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 7:01:21 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
11/19/2011 7:01:21 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 7:01:21 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 7:01:21 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 7:01:21 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 7:01:21 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 7:01:21 PM, error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/19/2011 4:26:10 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB2393802).
11/19/2011 4:26:03 PM, error: NtServicePack [4373] - Windows XP KB2393802 installation failed.
An internal error occurred.
11/19/2011 10:45:30 PM, error: NtServicePack [4373] - Windows XP KB2393802 installation failed.
An internal error occurred.
11/16/2011 4:52:18 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BITS service.
11/16/2011 4:38:35 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
11/15/2011 8:14:23 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer FAMILYROOM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD3AD800-1A42-476. The master browser is stopping or an election is being forced.
11/15/2011 8:09:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
11/15/2011 8:09:22 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/15/2011 8:09:21 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/15/2011 7:37:57 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2572067).
11/15/2011 7:12:43 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
11/15/2011 7:12:43 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
11/15/2011 7:12:43 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
11/14/2011 4:12:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/14/2011 4:12:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
11/14/2011 4:12:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
11/14/2011 4:09:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
.
==== End Of File ===========================

 

[Eric72]

ComboFix 11-11-21.01 - Erik 11/21/2011 15:57:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1368 [GMT -5:00]
Running from: c:\documents and settings\Erik\Desktop\ComboFix.exe
AV: Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Erik\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Erik\Desktop\Search.lnk
c:\documents and settings\Erik\GoToAssistDownloadHelper.exe
c:\documents and settings\Erik\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\windows\CSC\d6
c:\windows\jestertb.dll
c:\windows\kb913800.exe
c:\windows\system32\shimg.dll
c:\windows\system32\system
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-20 01:57 . 2011-11-20 01:57 -------- d-sh--w- c:\documents and settings\Erik\IECompatCache
2011-11-16 01:11 . 2011-11-16 01:11 -------- d-----w- c:\documents and settings\Erik\Local Settings\Application Data\PCHealth
2011-11-09 19:45 . 2011-11-09 19:45 -------- d-----w- c:\program files\ESET
2011-11-09 17:46 . 2011-11-09 17:54 -------- d-----w- C:\Friday
2011-11-08 21:21 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-11-08 21:20 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-11-08 21:19 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-11-08 21:18 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-08 21:17 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-11-08 21:13 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-11-08 21:13 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-11-07 22:05 . 2011-11-07 22:05 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-07 21:07 . 2011-11-07 21:07 446066 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-02 13:26 . 2011-11-02 13:26 -------- d-----w- c:\documents and settings\Erik\Application Data\Malwarebytes
2011-11-02 12:53 . 2011-11-02 12:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-11-02 12:52 . 2011-11-02 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-02 12:52 . 2011-11-02 12:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-02 12:52 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-02 12:50 . 2011-11-02 12:50 -------- d-sh--w- c:\documents and settings\Lisa\PrivacIE
2011-11-02 12:50 . 2011-11-02 12:50 -------- d-sh--w- c:\documents and settings\Lisa\IETldCache
2011-11-02 01:39 . 2011-11-02 01:39 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-11-02 01:38 . 2011-11-02 01:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-11-01 20:26 . 2011-11-01 20:26 -------- d-----w- c:\windows\system32\scripting
2011-11-01 20:26 . 2011-11-01 20:26 -------- d-----w- c:\windows\system32\en
2011-11-01 20:26 . 2011-11-01 20:26 -------- d-----w- c:\windows\system32\bits
2011-11-01 19:12 . 2011-11-01 19:12 -------- d-----w- c:\documents and settings\Erik\Local Settings\Application Data\Citrix
2011-11-01 19:06 . 2011-11-01 19:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-01 19:06 . 2011-11-01 19:05 423656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-30 12:04 . 2011-10-30 12:04 -------- d-sh--w- c:\documents and settings\Erik\PrivacIE
2011-10-30 12:03 . 2011-10-30 12:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-30 11:59 . 2011-10-30 11:59 -------- d-sh--w- c:\documents and settings\Erik\IETldCache
2011-10-30 11:58 . 2011-10-30 11:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-10-30 11:47 . 2011-10-30 11:50 -------- dc----w- c:\windows\ie8
2011-10-30 11:42 . 2011-08-22 23:48 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-10-30 11:42 . 2011-08-22 23:48 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-10-30 11:42 . 2011-08-22 23:48 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-01 19:01 . 2009-07-16 14:48 80384 ----a-r- c:\documents and settings\Erik\Application Data\Microsoft\Installer\{CC4C261A-B915-4F23-BD23-7E1AE5713B4E}\Icon6FDEE4821.exe
2011-10-15 18:16 . 2010-10-07 12:33 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 18:16 . 2010-10-07 12:33 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-15 18:16 . 2010-10-07 12:32 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 18:16 . 2010-10-07 12:32 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-15 18:16 . 2010-10-07 12:32 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 18:16 . 2010-10-07 12:32 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 18:16 . 2010-10-07 12:32 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 18:16 . 2010-10-07 12:32 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 18:16 . 2010-10-07 12:32 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 18:16 . 2010-10-07 12:32 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-10 14:22 . 2005-08-16 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2005-08-16 10:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2011-09-26 16:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2005-08-16 10:18 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2005-08-16 10:18 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2005-08-16 10:18 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-01-24 274608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SelectRebates"="c:\program files\SelectRebates\SelectRebates.exe" [2010-11-01 886752]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-6 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\Atari\\Axis & Allies\\AA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\American Civil War Gettysburg\\Gettysburg.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/7/2010 7:33 AM 89792]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/7/2010 7:32 AM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/7/2010 7:32 AM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/7/2010 7:32 AM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [10/7/2010 7:33 AM 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [10/7/2010 7:33 AM 150856]
R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [10/2/2010 8:31 AM 689392]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [1/14/2006 12:18 AM 41025]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/7/2010 7:32 AM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/7/2010 7:32 AM 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/7/2010 7:32 AM 83856]
S2 gupdate1ca857bbf3bd2a7;Google Update Service (gupdate1ca857bbf3bd2a7);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2009 11:03 AM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2009 11:03 AM 133104]
S3 lac97inf;lac97inf;\??\c:\docume~1\Erik\LOCALS~1\Temp\lac97inf.sys --> c:\docume~1\Erik\LOCALS~1\Temp\lac97inf.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/7/2010 7:32 AM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/7/2010 7:32 AM 87656]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/7/2010 7:32 AM 214904]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 16:02]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 16:02]
.
2009-10-29 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-10-28 19:19]
.
2011-11-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2694603098-4010015913-481181697-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-11-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2694603098-4010015913-481181697-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-11-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2694603098-4010015913-481181697-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-11-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2694603098-4010015913-481181697-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-11-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2694603098-4010015913-481181697-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-11-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2694603098-4010015913-481181697-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-10-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2694603098-4010015913-481181697-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-kwArigabQW.exe - c:\documents and settings\All Users\Application Data\kwArigabQW.exe
Notify-WgaLogon - (no file)
AddRemove-Verizon Online Help and Support - c:\progra~1\Verizon\UNWISE.EXE
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-21 16:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5384)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\stsystra.exe
c:\windows\system32\Rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\docume~1\Erik\LOCALS~1\Temp\clclean.0001
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Verizon\VSP\VerizonServicepointComHandler.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-11-21 17:10:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-21 22:10
.
Pre-Run: 72,030,367,744 bytes free
Post-Run: 73,916,129,280 bytes free
.
- - End Of File - - A4CB24BC742B6DB1FA9221114881A15F

 

[Eric72]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:42:36 PM, on 11/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\DOCUME~1\Erik\LOCALS~1\Temp\clclean.0001
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111119165526.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u21-windows-i586.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca857bbf3bd2a7) (gupdate1ca857bbf3bd2a7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 16987 bytes

 

[Bobbye]

Eric, what going on with the AV and FW? The CLSID is identified as McAfee, yet there is no name showing in the header, nor does the installed programs list show McAfee. It is also crashing in the Event Viewer.

AV: Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

=========================================
And this is also still running:
C:\DOCUME~1\Erik\LOCALS~1\Temp\clclean.0001

clclean.0001 file information

The process Cleanup belongs to the software Macrovision Europe Ltd. Cleanup by Macrovision Europe Ltd. (www.macrovision.com).

Description: File clclean.0001 is located in a subfolder of "C:\Documents and Settings" or sometimes in the Windows Temp folder or in a subfolder of "C:\Program Files". The file size on Windows 7/XP is 59,964 bytes.http://www.file.net/process/clclean.0001.html
The program has no visible window. The file is not a Windows core file. Therefore the technical security rating is 42% dangerous, however also read the users reviews.
In the event of any problems with clclean.0001, you can uninstall the program using the Control Panel> Add/Remove programs> Windows Safety Alert or Safety Alerter 2006.
====================================
You have an extraordinary number of processes running that should only show if you are actively running them. We can stop them for starting on boot, using HJT if wanted. There are many auto-updates running also.

Do you want to try and get the system a bit leaner?

 

[Eric72]

The AV/FW package is called Verizon Internet Security Suite, Powered by McAfee, so that may be why the McAfee name shows up in some places but not others - I'm not sure.

I have used a program called CCleaner (free version) in the past, recommended to me by a colleague, to attempt cleaning up this computer. The clclean.0001 file you identified looks similar to the name and may be associated with that program. Again, I'm just speculating.

I would certainly love to get this machine running leaner! Thanks for any further recommendations, Bobbye.

 

[Bobbye]

Okay, lean it is! All of the following are legitimate processes, but none need to start on boot and run in the background. Each can be accessed through All Programs or the File menu as needed (Print). I have grouped the processes as follows:
1. The first group are for general programs that don't need to run unless you are actively using them.
2. The second group is all for auto-updates you have running. They use resources every day, all day to contact the internet looking for updates. They should all be stopped. What good does it do to have Adobe Reader check for updates, current is v10, when you still have v7 on the system!
3. The third group is for the Services that start some of these processes. If they are set to Automatic, they will start on boot. But if the Startup type is changed to Manual, they will only run if you call up the program. And a couple can even be Disabled.

Please print out the HijackThis log you will be working from. It will help when you take processes off of startup and change startup type for Services:

Note1: Although the HJT log is divided into 3 sections, you will handle it as one log. If you do not understand what I mean by this, please ask me.
Note2: Do not click on "Fix Checked" untill yoi have unchecked all of the processes listed..
A Tip: Some of these entries will not be consecutive. The Centries will be in the running processes section. The other entries are preceeded by a number such as 04 or 023 so you can find the entry in that section of the HJT log..
---------------------------------------------
Please reopen HijackThis to 'do system scan only.' Check each of the following if present:

C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\stsystra.exe
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0) - http://javadl-esd.sun.com/update/1.6...ndows-i586.cab
-------------------------
The following are All autoupdates and the process that runs it:

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
C:\program files\real\realplayer\update\realsched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

-------------------------------------
Services:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

Close all Windows except HijackThis and lick on "Fix checked."
========================================
Do Not Reboot> go on to the next reply.

 

[Bobbye]

When you have finished unchecking the processes in the HJT log and have clicked on :"Fix Checked:", here is a summary of what you'll do in the following:

1. Boot into Safe Mode
2. Uncheck the process on the Start menu.
3. Change any associated Service
4. Uninstall a program
5. Remove the program folder
--------------------------------
1 Boot into Safe Mode

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

2.Remove entries from the Startup Menu using the msconfig utility:

• Click on Start> Run> type in msconfig> enter>
  
  
• Click on Selective Startup
• Choose the Startup tab:
  
  
  
  All images courtesy NetSquirrel
• To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
• Uncheck any processes you do not need to start on boot. Look on your printout from the HJT log and uncheck those processes on Startup that appear on the Startup Menu.
• Click on Apply> OK when finished.

====================================
Do Not reboot yet. Stay in Safe Mode.
===================================
3. Changing Service Startup type:
Click on Start> Run> type in services.msc> Double click on eah Service to open and set as follows:Set All but JQS Service to Manual Startup Type.
Apple Mobile Device
Bonjour Service
Creative Labs Licensing Service
DSBrokerService
iPod Service
Java Quick Starter (jqs)- I recommend setting this to Disabled> Stop the Service.
Process Monitor (LVPrcSrv)
Pml Driver HPZ12 > may show asHPZipm12.exe
SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter)
===============================
4. Uninstall programs that you don't need/want/use: Suggestion is the Dell Support Center.
[o]Start> Settings> Control Panel> Add/Remove Programs> uninstall here> Close
5. Remove program folder (only if program is uninstalled)

• Access Windows Explorer:[/B] Right click on Start> Explore:
• Open My Computer> double click on Local Drive (C)> Programs
• Find the folder for any program you uninstalled> do a right click> Delete on each folder.
• Close Windows Explorer.

========================================
Reboot into Normal Mode
NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.

 

[Eric72]

Thanks, Bobbye - all of those steps seemed to work just fine.

The only remaining problem I see is the same issue with Google searches via Internet Explorer. When I click on a search result URL, I get redirected to a different website. There appears to be some sort of advertising malware at work here... any idea how to get rid of it?

Thanks again!

 

[Bobbye]

Eric, Am I correct in thinking that a redirect was not one of the original problems?

I only noticed the Internet Explorer problem recently, as I began to test it with Google searches.

=======================================
1. Please update and run a new scan with HijackThis.

2. Also update and run new scan with Eset online virus scan.

3.I' d like you to run SperAntiSpyware also:

SuperAntiSpyware Home Edition Free Version

• Please download SuperAntiSpyware from HERE
• Launch SuperAntiSpyware and click on 'Check for updates'.
• Wait for the updates to be installed
• On the main screen click on 'Scan your computer'.
• Check: 'Perform Complete Scan then Click 'Next' to start the scan.
• Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
• Make sure everything found has a checkmark next to it,then press 'Next'.
• Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:

• Click on 'Preferences'.
• Click on the 'Statistics/Logs' tab.
• Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.

It will then open in your default text editor,such as Notepad. Paste the notepad file here on your reply

You should not be having redirects at this point- unless you have something new on the system.

 

[Eric72]

You are correct, Bobbye - I think this redirect problem somehow emerged after my initial symptoms.

I've completed the three scans and will paste the log files after this post. They all appeared to run correctly, and the SuperAntiSpyware scan identified and appeared remove a large number of adware cookies. However, when testing the Google search results after these scans, I notice that the redirect problem continues to persist.

Thanks for the continuing help!

 

[Eric72]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:26:08 PM, on 12/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Documents and Settings\Erik\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111119165526.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca857bbf3bd2a7) (gupdate1ca857bbf3bd2a7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 11840 bytes

 

[Eric72]

ESET Log:

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\57\4c85f79-4bce12da Java/Agent.DW trojan
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\6\2b2dd8c6-2e62bd77 Java/Agent.DW trojan
C:\Documents and Settings\Erik\Application Data\Sun\Java\Deployment\cache\6.0\25\5881c799-36cc4fe1 multiple threats
C:\Documents and Settings\Erik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\7656823660-6b406ab0-2f0105ad.zip multiple threats
C:\Documents and Settings\Erik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\plugins.jar-77c163df-1b781d71.zip multiple threats
C:\Program Files\FoxTabAudioConverter\AudioConverter.exe a variant of Win32/InstallCore.A application

 

[Eric72]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/05/2011 at 11:53 PM

Application Version : 5.0.1136

Core Rules Database Version : 8018
Trace Rules Database Version: 5830

Scan type : Complete Scan
Total Scan Time : 01:47:54

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 560
Memory threats detected : 0
Registry items scanned : 40250
Registry threats detected : 0
File items scanned : 90705
File threats detected : 411

Malware.SpywareQuake
C:\Documents and Settings\Erik\Start Menu\Programs\SpywareQuake

Adware.Tracking Cookie
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T4RBU59D ]
cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T4RBU59D ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T4RBU59D ]
C:\Documents and Settings\Erik\Cookies\erik@a1.interclick[1].txt [ /a1.interclick ]
C:\Documents and Settings\Erik\Cookies\erik@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
C:\Documents and Settings\Erik\Cookies\erik@ad.yieldmanager[3].txt [ /ad.yieldmanager ]
C:\Documents and Settings\Erik\Cookies\erik@ad.yieldmanager[4].txt [ /ad.yieldmanager ]
C:\Documents and Settings\Erik\Cookies\erik@ads.pointroll[2].txt [ /ads.pointroll ]
C:\Documents and Settings\Erik\Cookies\erik@ads.pubmatic[1].txt [ /ads.pubmatic ]
C:\Documents and Settings\Erik\Cookies\erik@advertising[2].txt [ /advertising ]
C:\Documents and Settings\Erik\Cookies\erik@artcitymedia[1].txt [ /artcitymedia ]
C:\Documents and Settings\Erik\Cookies\erik@at.atwola[1].txt [ /at.atwola ]
C:\Documents and Settings\Erik\Cookies\erik@at.atwola[2].txt [ /at.atwola ]
C:\Documents and Settings\Erik\Cookies\erik@burstbeacon[1].txt [ /burstbeacon ]
C:\Documents and Settings\Erik\Cookies\erik@burstnet[1].txt [ /burstnet ]
C:\Documents and Settings\Erik\Cookies\erik@casalemedia[1].txt [ /casalemedia ]
C:\Documents and Settings\Erik\Cookies\erik@collective-media[2].txt [ /collective-media ]
C:\Documents and Settings\Erik\Cookies\erik@dc.tremormedia[2].txt [ /dc.tremormedia ]
C:\Documents and Settings\Erik\Cookies\erik@fastclick[1].txt [ /fastclick ]
C:\Documents and Settings\Erik\Cookies\erik@fastclick[2].txt [ /fastclick ]
C:\Documents and Settings\Erik\Cookies\erik@intermundomedia[2].txt [ /intermundomedia ]
C:\Documents and Settings\Erik\Cookies\erik@invitemedia[1].txt [ /invitemedia ]
C:\Documents and Settings\Erik\Cookies\erik@legolas-media[2].txt [ /legolas-media ]
C:\Documents and Settings\Erik\Cookies\erik@liveperson[2].txt [ /liveperson ]
C:\Documents and Settings\Erik\Cookies\erik@liveperson[4].txt [ /liveperson ]
C:\Documents and Settings\Erik\Cookies\erik@media6degrees[1].txt [ /media6degrees ]
C:\Documents and Settings\Erik\Cookies\erik@mediaplex[1].txt [ /mediaplex ]
C:\Documents and Settings\Erik\Cookies\erik@mediaplex[2].txt [ /mediaplex ]
C:\Documents and Settings\Erik\Cookies\erik@network.realmedia[1].txt [ /network.realmedia ]
C:\Documents and Settings\Erik\Cookies\erik@pro-market[1].txt [ /pro-market ]
C:\Documents and Settings\Erik\Cookies\erik@questionmarket[1].txt [ /questionmarket ]
C:\Documents and Settings\Erik\Cookies\erik@revsci[2].txt [ /revsci ]
C:\Documents and Settings\Erik\Cookies\erik@ru4[2].txt [ /ru4 ]
C:\Documents and Settings\Erik\Cookies\erik@server.iad.liveperson[1].txt [ /server.iad.liveperson ]
C:\Documents and Settings\Erik\Cookies\erik@tacoda[2].txt [ /tacoda ]
C:\Documents and Settings\Erik\Cookies\erik@tacoda[3].txt [ /tacoda ]
C:\Documents and Settings\Erik\Cookies\erik@tracking.foxnews[1].txt [ /tracking.foxnews ]
C:\Documents and Settings\Erik\Cookies\erik@tribalfusion[2].txt [ /tribalfusion ]
C:\Documents and Settings\Erik\Cookies\erik@www.burstbeacon[1].txt [ /www.burstbeacon ]
C:\Documents and Settings\Erik\Cookies\erik@www.burstnet[2].txt [ /www.burstnet ]
C:\Documents and Settings\Erik\Cookies\erik@www.burstnet[3].txt [ /www.burstnet ]
C:\Documents and Settings\Erik\Cookies\erik@yieldmanager[1].txt [ /yieldmanager ]
C:\Documents and Settings\Erik\Cookies\erik@zedo[2].txt [ /zedo ]
C:\Documents and Settings\Erik\Cookies\258Z9ZQ5.txt [ /accounts.google.com ]
C:\Documents and Settings\Erik\Cookies\7ZLXXPNU.txt [ /doubleclick.net ]
C:\Documents and Settings\Erik\Cookies\9PJX579I.txt [ /serving-sys.com ]
C:\Documents and Settings\Erik\Cookies\135NDAA9.txt [ /interclick.com ]
C:\Documents and Settings\Erik\Cookies\KOQIPLOH.txt [ /ar.atwola.com ]
C:\Documents and Settings\Erik\Cookies\WUR9K5X6.txt [ /invitemedia.com ]
C:\Documents and Settings\Erik\Cookies\TAYV3ETC.txt [ /apmebf.com ]
C:\Documents and Settings\Erik\Cookies\QRP7QWAF.txt [ /tribalfusion.com ]
C:\Documents and Settings\Erik\Cookies\N50VRDME.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\Erik\Cookies\SXU3UYB3.txt [ /atwola.com ]
C:\Documents and Settings\Erik\Cookies\ABHBEBJT.txt [ /tacoda.net ]
C:\Documents and Settings\Erik\Cookies\I8U909MO.txt [ /collective-media.net ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\COOKIES\ADMINISTRATOR@ADVERTISING[2].TXT [ /ADVERTISING ]
C:\Documents and Settings\Erik\Cookies\N7UKWIY1.txt [ /advertising.com ]
C:\Documents and Settings\Erik\Cookies\U356OBR8.txt [ /xml.mediality.com ]
C:\Documents and Settings\Erik\Cookies\0YA2SCMA.txt [ /adxpose.com ]
C:\Documents and Settings\Erik\Cookies\MB5O1LB3.txt [ /at.atwola.com ]
C:\Documents and Settings\Erik\Cookies\G7HBTL3M.txt [ /tacoda.at.atwola.com ]
C:\Documents and Settings\Erik\Cookies\Y759G30K.txt [ /eset.122.2o7.net ]
C:\Documents and Settings\Erik\Cookies\5VTAJPEO.txt [ /atdmt.com ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@apmebf[2].txt [ Cookie:administrator@apmebf.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@atdmt[2].txt [ Cookie:administrator@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@media6degrees[1].txt [ Cookie:administrator@media6degrees.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@legolas-media[1].txt [ Cookie:administrator@legolas-media.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@adsonar[3].txt [ Cookie:administrator@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@adserver.adtechus[1].txt [ Cookie:administrator@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@ru4[2].txt [ Cookie:administrator@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@adbrite[1].txt [ Cookie:administrator@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@specificclick[1].txt [ Cookie:administrator@specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@eyeviewads[2].txt [ Cookie:administrator@eyeviewads.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@revsci[3].txt [ Cookie:administrator@revsci.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@tacoda.at.atwola[1].txt [ Cookie:administrator@tacoda.at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@tribalfusion[1].txt [ Cookie:administrator@tribalfusion.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@at.atwola[2].txt [ Cookie:administrator@at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@pro-market[1].txt [ Cookie:administrator@pro-market.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@adxpose[1].txt [ Cookie:administrator@adxpose.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@lucidmedia[2].txt [ Cookie:administrator@lucidmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@eyewonder[2].txt [ Cookie:administrator@eyewonder.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@advertise[1].txt [ Cookie:administrator@advertise.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@interclick[1].txt [ Cookie:administrator@interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@kontera[1].txt [ Cookie:administrator@kontera.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@adserver.leanmarket[1].txt [ Cookie:administrator@adserver.leanmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@stopzilla[1].txt [ Cookie:administrator@stopzilla.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@doubleclick[2].txt [ Cookie:administrator@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@pointroll[3].txt [ Cookie:administrator@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@questionmarket[1].txt [ Cookie:administrator@questionmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@serving-sys[1].txt [ Cookie:administrator@serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@burstnet[1].txt [ Cookie:administrator@burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@fastclick[4].txt [ Cookie:administrator@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@a1.interclick[1].txt [ Cookie:administrator@a1.interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@advertising[1].txt [ Cookie:administrator@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@mediaplex[1].txt [ Cookie:administrator@mediaplex.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@r1-ads.ace.advertising[2].txt [ Cookie:administrator@r1-ads.ace.advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@www.stopzilla[1].txt [ Cookie:administrator@www.stopzilla.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@collective-media[2].txt [ Cookie:administrator@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@intermundomedia[2].txt [ Cookie:administrator@intermundomedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@zedo[1].txt [ Cookie:administrator@zedo.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@ad.yieldmanager[3].txt [ Cookie:administrator@ad.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@www.burstnet[1].txt [ Cookie:administrator@www.burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@micklemedia[2].txt [ Cookie:administrator@micklemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@tacoda[1].txt [ Cookie:administrator@tacoda.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@insightexpressai[3].txt [ Cookie:administrator@insightexpressai.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@realmedia[2].txt [ Cookie:administrator@realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@eset.122.2o7[1].txt [ Cookie:administrator@eset.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\ERIK\Cookies\erik@verizon[6].txt [ Cookie:erik@verizon.com/media ]
C:\DOCUMENTS AND SETTINGS\ERIK\Cookies\erik@verizon[5].txt [ Cookie:erik@verizon.com/vztracker/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@clkads[4].txt [ Cookie:gunnar@clkads.com/adServe/banners ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@adopt.euroclick[2].txt [ Cookie:gunnar@adopt.euroclick.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@ads.bridgetrack[1].txt [ Cookie:gunnar@ads.bridgetrack.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@giftscom.122.2o7[1].txt [ Cookie:gunnar@giftscom.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@adrevolver[2].txt [ Cookie:gunnar@adrevolver.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@mediaplex[1].txt [ Cookie:gunnar@mediaplex.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@serving-sys[2].txt [ Cookie:gunnar@serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@borders.112.2o7[1].txt [ Cookie:gunnar@borders.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@server.cpmstar[2].txt [ Cookie:gunnar@server.cpmstar.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@invitemedia[2].txt [ Cookie:gunnar@invitemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@atdmt[2].txt [ Cookie:gunnar@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@adserver.adtechus[1].txt [ Cookie:gunnar@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@a1.interclick[1].txt [ Cookie:gunnar@a1.interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@www.googleadservices[5].txt [ Cookie:gunnar@www.googleadservices.com/pagead/conversion/1058501446/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@www.googleadservices[2].txt [ Cookie:gunnar@www.googleadservices.com/pagead/conversion/1041763058/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@burstnet[2].txt [ Cookie:gunnar@burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@www.googleadservices[1].txt [ Cookie:gunnar@www.googleadservices.com/pagead/conversion/1072630628/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@pointroll[2].txt [ Cookie:gunnar@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@adtech[1].txt [ Cookie:gunnar@adtech.de/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@click.cashengines[2].txt [ Cookie:gunnar@click.cashengines.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@bluestreak[2].txt [ Cookie:gunnar@bluestreak.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@eyewonder[1].txt [ Cookie:gunnar@eyewonder.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@tacoda[2].txt [ Cookie:gunnar@tacoda.net/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@ads.pointroll[1].txt [ Cookie:gunnar@ads.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@advertising[2].txt [ Cookie:gunnar@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@stats.townnews[3].txt [ Cookie:gunnar@stats.townnews.com/thepublicopinion.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@insightexpressai[1].txt [ Cookie:gunnar@insightexpressai.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@adcentriconline[1].txt [ Cookie:gunnar@adcentriconline.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@clkads[3].txt [ Cookie:gunnar@clkads.com/adServe/static/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@questionmarket[1].txt [ Cookie:gunnar@questionmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@zedo[1].txt [ Cookie:gunnar@zedo.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@tribalfusion[1].txt [ Cookie:gunnar@tribalfusion.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@burstbeacon[2].txt [ Cookie:gunnar@burstbeacon.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@intermundomedia[2].txt [ Cookie:gunnar@intermundomedia.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@media.legacy[1].txt [ Cookie:gunnar@media.legacy.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@specificclick[1].txt [ Cookie:gunnar@specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@tracking.foxnews[1].txt [ Cookie:gunnar@tracking.foxnews.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@imrworldwide[2].txt [ Cookie:gunnar@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@interclick[2].txt [ Cookie:gunnar@interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@apmebf[1].txt [ Cookie:gunnar@apmebf.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@www.burstnet[1].txt [ Cookie:gunnar@www.burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@blethenmaine.112.2o7[1].txt [ Cookie:gunnar@blethenmaine.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@stats.townnews[1].txt [ Cookie:gunnar@stats.townnews.com/siouxcityjournal.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@saxoaberdeennews.122.2o7[1].txt [ Cookie:gunnar@saxoaberdeennews.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@adbrite[1].txt [ Cookie:gunnar@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@dardenrestaurants.112.2o7[1].txt [ Cookie:gunnar@dardenrestaurants.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@adopt.specificclick[1].txt [ Cookie:gunnar@adopt.specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@revsci[1].txt [ Cookie:gunnar@revsci.net/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@specificmedia[1].txt [ Cookie:gunnar@specificmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@ad.yieldmanager[2].txt [ Cookie:gunnar@ad.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@realmedia[1].txt [ Cookie:gunnar@realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@trafficmp[2].txt [ Cookie:gunnar@trafficmp.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@msnportal.112.2o7[1].txt [ Cookie:gunnar@msnportal.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@dmtracker[1].txt [ Cookie:gunnar@dmtracker.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@www.googleadservices[4].txt [ Cookie:gunnar@www.googleadservices.com/pagead/conversion/1056414046/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@www.burstbeacon[1].txt [ Cookie:gunnar@www.burstbeacon.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@media.adrevolver[1].txt [ Cookie:gunnar@media.adrevolver.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@s.clickability[2].txt [ Cookie:gunnar@s.clickability.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@adxpose[1].txt [ Cookie:gunnar@adxpose.com/ ]
C:\DOCUMENTS AND SETTINGS\GUNNAR\Cookies\gunnar@clkads[2].txt [ Cookie:gunnar@clkads.com/adServe/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@rotator.adjuggler[2].txt [ Cookie:lisa@rotator.adjuggler.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@browseinside.harperteen[2].txt [ Cookie:lisa@browseinside.harperteen.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@pointclickhome[1].txt [ Cookie:lisa@pointclickhome.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@adxpose[1].txt [ Cookie:lisa@adxpose.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@pbteen[1].txt [ Cookie:lisa@pbteen.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@liveperson[4].txt [ Cookie:lisa@liveperson.net/hc/65803736 ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@petfinder[2].txt [ Cookie:lisa@petfinder.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@find.myrecipes[2].txt [ Cookie:lisa@find.myrecipes.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@intermundomedia[1].txt [ Cookie:lisa@intermundomedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@harperteen[1].txt [ Cookie:lisa@harperteen.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@ru4[1].txt [ Cookie:lisa@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@blainmaine.112.2o7[1].txt [ Cookie:lisa@blainmaine.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@yieldmanager[2].txt [ Cookie:lisa@yieldmanager.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@mediaplex[2].txt [ Cookie:lisa@mediaplex.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@a1.interclick[2].txt [ Cookie:lisa@a1.interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@test.coremetrics[1].txt [ Cookie:lisa@test.coremetrics.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@trafficmp[2].txt [ Cookie:lisa@trafficmp.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@adecn[1].txt [ Cookie:lisa@adecn.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@media.adfrontiers[1].txt [ Cookie:lisa@media.adfrontiers.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@data.coremetrics[1].txt [ Cookie:lisa@data.coremetrics.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@statse.webtrendslive[2].txt [ Cookie:lisa@statse.webtrendslive.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@h.atdmt[2].txt [ Cookie:lisa@h.atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@interclick[2].txt [ Cookie:lisa@interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@www.qksrv[2].txt [ Cookie:lisa@www.qksrv.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@www.directnetadvertising[1].txt [ Cookie:lisa@www.directnetadvertising.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@doubleclick[1].txt [ Cookie:lisa@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@statcounter[1].txt [ Cookie:lisa@statcounter.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@atdmt[2].txt [ Cookie:lisa@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@collective-media[1].txt [ Cookie:lisa@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@legolas-media[1].txt [ Cookie:lisa@legolas-media.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@pro-market[2].txt [ Cookie:lisa@pro-market.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@sdc.pointclickhome[1].txt [ Cookie:lisa@sdc.pointclickhome.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@tracking.foxnews[1].txt [ Cookie:lisa@tracking.foxnews.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@superstats[2].txt [ Cookie:lisa@superstats.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@casalemedia[2].txt [ Cookie:lisa@casalemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@s.clickability[1].txt [ Cookie:lisa@s.clickability.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@target.db.advertising[2].txt [ Cookie:lisa@target.db.advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@updates.liquiddigitalmedia[2].txt [ Cookie:lisa@updates.liquiddigitalmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@stats.townnews[2].txt [ Cookie:lisa@stats.townnews.com/leesburg2day.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@realmedia[1].txt [ Cookie:lisa@realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@find.keywordblocks[1].txt [ Cookie:lisa@find.keywordblocks.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@allbritton.122.2o7[1].txt [ Cookie:lisa@allbritton.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@counter.hitslink[1].txt [ Cookie:lisa@counter.hitslink.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@teenvogue[2].txt [ Cookie:lisa@teenvogue.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@adtech[1].txt [ Cookie:lisa@adtech.de/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@adlegend[1].txt [ Cookie:lisa@adlegend.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@tribalfusion[1].txt [ Cookie:lisa@tribalfusion.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@zedo[3].txt [ Cookie:lisa@zedo.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@oasn04.247realmedia[2].txt [ Cookie:lisa@oasn04.247realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@partner2profit[2].txt [ Cookie:lisa@partner2profit.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@specificmedia[1].txt [ Cookie:lisa@specificmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@www.matracking[1].txt [ Cookie:lisa@www.matracking.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@specificclick[1].txt [ Cookie:lisa@specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@ar.atwola[1].txt [ Cookie:lisa@ar.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@ads.pointroll[1].txt [ Cookie:lisa@ads.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@www.ifactostat[1].txt [ Cookie:lisa@www.ifactostat.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@xiti[1].txt [ Cookie:lisa@xiti.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@adcentriconline[1].txt [ Cookie:lisa@adcentriconline.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@liveperson[2].txt [ Cookie:lisa@liveperson.net/hc/74613876 ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@advertstream[1].txt [ Cookie:lisa@advertstream.com/a ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@burstbeacon[1].txt [ Cookie:lisa@burstbeacon.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@mm.chitika[1].txt [ Cookie:lisa@mm.chitika.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@anrtx.tacoda[2].txt [ Cookie:lisa@anrtx.tacoda.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@www.harperteen[1].txt [ Cookie:lisa@www.harperteen.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@accountingcoach[1].txt [ Cookie:lisa@accountingcoach.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@o1.qnsr[1].txt [ Cookie:lisa@o1.qnsr.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@liveperson[3].txt [ Cookie:lisa@liveperson.net/hc/37343836 ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@imrworldwide[2].txt [ Cookie:lisa@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@www.seventeen[2].txt [ Cookie:lisa@www.seventeen.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@qnsr[1].txt [ Cookie:lisa@qnsr.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@careers-in-accounting[2].txt [ Cookie:lisa@careers-in-accounting.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@adbrite[1].txt [ Cookie:lisa@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@ad1.clickhype[1].txt [ Cookie:lisa@ad1.clickhype.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@microsoftwlsearchcrm.112.2o7[1].txt [ Cookie:lisa@microsoftwlsearchcrm.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@www.google[3].txt [ Cookie:lisa@www.google.com/accounts ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@liveperson[5].txt [ Cookie:lisa@liveperson.net/hc/1338460 ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@adsonar[3].txt [ Cookie:lisa@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@ads.bridgetrack[2].txt [ Cookie:lisa@ads.bridgetrack.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@paypal.112.2o7[1].txt [ Cookie:lisa@paypal.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@accountemps[1].txt [ Cookie:lisa@accountemps.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@microsoftwindows.112.2o7[1].txt [ Cookie:lisa@microsoftwindows.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@www.qsstats[2].txt [ Cookie:lisa@www.qsstats.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@e2itg.pbteen[2].txt [ Cookie:lisa@e2itg.pbteen.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@pointroll[2].txt [ Cookie:lisa@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@ads.addynamix[1].txt [ Cookie:lisa@ads.addynamix.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@oasn03.247realmedia[1].txt [ Cookie:lisa@oasn03.247realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@stats2.officite[1].txt [ Cookie:lisa@stats2.officite.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@CANID5Y8.txt [ Cookie:lisa@liveperson.net/hc/43853546 ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@hpi.rotator.hadj7.adjuggler[2].txt [ Cookie:lisa@hpi.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@e1.cdn.qnsr[1].txt [ Cookie:lisa@e1.cdn.qnsr.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@msnbc.112.2o7[1].txt [ Cookie:lisa@msnbc.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@jobsinaccounting[1].txt [ Cookie:lisa@jobsinaccounting.org/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@adserver.adtechus[2].txt [ Cookie:lisa@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@cratebarrel.112.2o7[1].txt [ Cookie:lisa@cratebarrel.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@liveperson[6].txt [ Cookie:lisa@liveperson.net/hc/88878672 ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@serving-sys[1].txt [ Cookie:lisa@serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@lucidmedia[2].txt [ Cookie:lisa@lucidmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@eyewonder[1].txt [ Cookie:lisa@eyewonder.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@liveperson[1].txt [ Cookie:lisa@liveperson.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@warnerbros.112.2o7[1].txt [ Cookie:lisa@warnerbros.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@pluckit.demandmedia[1].txt [ Cookie:lisa@pluckit.demandmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@liveperson[7].txt [ Cookie:lisa@liveperson.net/hc/14639449 ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@tracking.servedbyy[2].txt [ Cookie:lisa@tracking.servedbyy.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@educationmanagementllc.112.2o7[1].txt [ Cookie:lisa@educationmanagementllc.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@usgs.122.2o7[1].txt [ Cookie:lisa@usgs.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@secure.leadback.advertising[1].txt [ Cookie:lisa@secure.leadback.advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@mallimages.mallfinder[2].txt [ Cookie:lisa@mallimages.mallfinder.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@tracking.plattformad[1].txt [ Cookie:lisa@tracking.plattformad.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@mediaforge[2].txt [ Cookie:lisa@mediaforge.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@wegmansfoods.112.2o7[1].txt [ Cookie:lisa@wegmansfoods.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@www.windowsmedia[2].txt [ Cookie:lisa@www.windowsmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@linksynergy[2].txt [ Cookie:lisa@linksynergy.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@www.accountingcoach[1].txt [ Cookie:lisa@www.accountingcoach.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@bizrate[1].txt [ Cookie:lisa@bizrate.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@ehg-adidas.hitbox[2].txt [ Cookie:lisa@ehg-adidas.hitbox.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@unitedcountry[2].txt [ Cookie:lisa@unitedcountry.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@web4.realtracker[1].txt [ Cookie:lisa@web4.realtracker.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@carlson.112.2o7[1].txt [ Cookie:lisa@carlson.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@loudouncountyjobs.jobamatic[2].txt [ Cookie:lisa@loudouncountyjobs.jobamatic.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@countryinns[1].txt [ Cookie:lisa@countryinns.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@in.getclicky[1].txt [ Cookie:lisa@in.getclicky.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@CARPDBPV.txt [ Cookie:lisa@liveperson.net/hc/LPneimanmarcus ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@fairfaxcounty[1].txt [ Cookie:lisa@fairfaxcounty.gov/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@accounts.google[1].txt [ Cookie:lisa@accounts.google.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@insightexpressai[2].txt [ Cookie:lisa@insightexpressai.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@www.countryliving[4].txt [ Cookie:lisa@www.countryliving.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@www.accountemps[1].txt [ Cookie:lisa@www.accountemps.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@gs.serving-sys[1].txt [ Cookie:lisa@gs.serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@liveperson[8].txt [ Cookie:lisa@liveperson.net/hc/37457093 ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@webanalytics.crownpeak.com.re.getclicky[1].txt [ Cookie:lisa@webanalytics.crownpeak.com.re.getclicky.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@traveladvertising[2].txt [ Cookie:lisa@traveladvertising.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@rotator.hadj7.adjuggler[3].txt [ Cookie:lisa@rotator.hadj7.adjuggler.net/servlet/ajrotator/track/pt63551 ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@marketlive.122.2o7[1].txt [ Cookie:lisa@marketlive.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@atrack.art[2].txt [ Cookie:lisa@atrack.art.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@liveperson[9].txt [ Cookie:lisa@liveperson.net/hc/48912686 ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@countryliving[1].txt [ Cookie:lisa@countryliving.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@hitbox[2].txt [ Cookie:lisa@hitbox.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@teenfashion.about[1].txt [ Cookie:lisa@teenfashion.about.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@msnportal.112.2o7[1].txt [ Cookie:lisa@msnportal.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@stats.washingtonpost[2].txt [ Cookie:lisa@stats.washingtonpost.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@akamai.interclickproxy[2].txt [ Cookie:lisa@akamai.interclickproxy.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@www.googleadservices[1].txt [ Cookie:lisa@www.googleadservices.com/pagead/conversion/1070254509/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@nestleusa.122.2o7[1].txt [ Cookie:lisa@nestleusa.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@hearstmagazines.112.2o7[1].txt [ Cookie:lisa@hearstmagazines.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@adserve.navigateboomermedia[1].txt [ Cookie:lisa@adserve.navigateboomermedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@ad.yieldmanager[1].txt [ Cookie:lisa@ad.yieldmanager.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@search.clicksthe[1].txt [ Cookie:lisa@search.clicksthe.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@nextag[2].txt [ Cookie:lisa@nextag.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@amazonlocal.122.2o7[1].txt [ Cookie:lisa@amazonlocal.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@CAVL92NT.txt [ Cookie:lisa@liveperson.net/hc/89901003 ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@msn[7].txt [ Cookie:lisa@msn.com/fall-tv-guide/fall-tvs-sexiest-stars/photo-gallery/feature/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@pmamedia.sitescout[2].txt [ Cookie:lisa@pmamedia.sitescout.com/ ]
C:\DOCUMENTS AND SETTINGS\LISA\Cookies\lisa@amazonmerchants.122.2o7[1].txt [ Cookie:lisa@amazonmerchants.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@media6degrees[1].txt [ Cookie:morgan@media6degrees.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@zedo[2].txt [ Cookie:morgan@zedo.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@a1.interclick[2].txt [ Cookie:morgan@a1.interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@advertising[2].txt [ Cookie:morgan@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@invitemedia[2].txt [ Cookie:morgan@invitemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@insightexpressai[1].txt [ Cookie:morgan@insightexpressai.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@casalemedia[2].txt [ Cookie:morgan@casalemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@revsci[2].txt [ Cookie:morgan@revsci.net/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@burstbeacon[2].txt [ Cookie:morgan@burstbeacon.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@ads.bridgetrack[2].txt [ Cookie:morgan@ads.bridgetrack.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@bizrate[1].txt [ Cookie:morgan@bizrate.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@clkads[2].txt [ Cookie:morgan@clkads.com/adServe/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@content.yieldmanager[2].txt [ Cookie:morgan@content.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@adbrite[1].txt [ Cookie:morgan@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@trafficmp[1].txt [ Cookie:morgan@trafficmp.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@lucidmedia[1].txt [ Cookie:morgan@lucidmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@clkads[3].txt [ Cookie:morgan@clkads.com/adServe/banners ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@pointroll[2].txt [ Cookie:morgan@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@www.googleadservices[1].txt [ Cookie:morgan@www.googleadservices.com/pagead/conversion/1056755011/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@interclick[1].txt [ Cookie:morgan@interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@imrworldwide[2].txt [ Cookie:morgan@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@specificclick[1].txt [ Cookie:morgan@specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@burstnet[1].txt [ Cookie:morgan@burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@collective-media[1].txt [ Cookie:morgan@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@server.cpmstar[2].txt [ Cookie:morgan@server.cpmstar.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@buildabear.122.2o7[1].txt [ Cookie:morgan@buildabear.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@ad.yieldmanager[2].txt [ Cookie:morgan@ad.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@fastclick[2].txt [ Cookie:morgan@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@atdmt[2].txt [ Cookie:morgan@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@cdn4.specificclick[1].txt [ Cookie:morgan@cdn4.specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@statse.webtrendslive[1].txt [ Cookie:morgan@statse.webtrendslive.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@adxpose[1].txt [ Cookie:morgan@adxpose.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@ru4[1].txt [ Cookie:morgan@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@www.burstbeacon[1].txt [ Cookie:morgan@www.burstbeacon.com/ ]
C:\DOCUMENTS AND SETTINGS\MORGAN\Cookies\morgan@tribalfusion[2].txt [ Cookie:morgan@tribalfusion.com/ ]
a.ads2.msads.net [ C:\DOCUMENTS AND SETTINGS\GUNNAR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GUGQFEPM ]
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\GUNNAR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GUGQFEPM ]
ads2.msads.net [ C:\DOCUMENTS AND SETTINGS\GUNNAR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GUGQFEPM ]
adsatt.espn.go.com [ C:\DOCUMENTS AND SETTINGS\GUNNAR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GUGQFEPM ]
b.ads2.msads.net [ C:\DOCUMENTS AND SETTINGS\GUNNAR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GUGQFEPM ]
cdn4.specificclick.net [ C:\DOCUMENTS AND SETTINGS\GUNNAR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GUGQFEPM ]
interclick.com [ C:\DOCUMENTS AND SETTINGS\GUNNAR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GUGQFEPM ]
m1.2mdn.net [ C:\DOCUMENTS AND SETTINGS\GUNNAR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GUGQFEPM ]
media1.clubpenguin.com [ C:\DOCUMENTS AND SETTINGS\GUNNAR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GUGQFEPM ]
msntest.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\GUNNAR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GUGQFEPM ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\GUNNAR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GUGQFEPM ]
serving-sys.com [ C:\DOCUMENTS AND SETTINGS\GUNNAR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GUGQFEPM ]
udn.specificclick.net [ C:\DOCUMENTS AND SETTINGS\GUNNAR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GUGQFEPM ]
a.ads2.msads.net [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
ads2.msads.net [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
b.ads2.msads.net [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
cdn4.specificclick.net [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
interclick.com [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
m1.2mdn.net [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
media.overstock.com [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
media.scanscout.com [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
media10.washingtonpost.com [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
mediaforgews.com [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
msntest.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
serving-sys.com [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
stmedia.startribune.com [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
www.accountingcoach.com [ C:\DOCUMENTS AND SETTINGS\LISA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DZFW5UYL ]
C:\DOCUMENTS AND SETTINGS\LISA\COOKIES\LISA@2O7[1].TXT [ /2O7 ]
C:\DOCUMENTS AND SETTINGS\LISA\COOKIES\LISA@ADOPT.EUROCLICK[1].TXT [ /ADOPT.EUROCLICK ]
C:\DOCUMENTS AND SETTINGS\LISA\COOKIES\LISA@DMTRACKER[1].TXT [ /DMTRACKER ]
C:\DOCUMENTS AND SETTINGS\LISA\COOKIES\LISA@JMP.CLICKBOOTH[1].TXT [ /JMP.CLICKBOOTH ]
C:\DOCUMENTS AND SETTINGS\LISA\COOKIES\LISA@KODAKIMAGINGNETWORK.122.2O7[1].TXT [ /KODAKIMAGINGNETWORK.122.2O7 ]
C:\DOCUMENTS AND SETTINGS\LISA\COOKIES\LISA@QKSRV[1].TXT [ /QKSRV ]
C:\DOCUMENTS AND SETTINGS\LISA\COOKIES\LISA@TRACKING.ADMARKETPLACE[1].TXT [ /TRACKING.ADMARKETPLACE ]
C:\DOCUMENTS AND SETTINGS\LISA\COOKIES\LISA@VIDEOEGG.ADBUREAU[1].TXT [ /VIDEOEGG.ADBUREAU ]
C:\DOCUMENTS AND SETTINGS\LISA\COOKIES\LISA@ZEDO[1].TXT [ /ZEDO ]
C:\DOCUMENTS AND SETTINGS\LISA\COOKIES\LISA@ZEDO[2].TXT [ /ZEDO ]
a.ads2.msads.net [ C:\DOCUMENTS AND SETTINGS\MORGAN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4TC53H5J ]
adimages.scrippsnetworks.com [ C:\DOCUMENTS AND SETTINGS\MORGAN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4TC53H5J ]
ads2.msads.net [ C:\DOCUMENTS AND SETTINGS\MORGAN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4TC53H5J ]
b.ads2.msads.net [ C:\DOCUMENTS AND SETTINGS\MORGAN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4TC53H5J ]
cdn4.specificclick.net [ C:\DOCUMENTS AND SETTINGS\MORGAN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4TC53H5J ]
media1.clubpenguin.com [ C:\DOCUMENTS AND SETTINGS\MORGAN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4TC53H5J ]
udn.specificclick.net [ C:\DOCUMENTS AND SETTINGS\MORGAN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4TC53H5J ]

Adware.SelectRebates[SAH]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1290\A0148309.DLL

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\OT.ICO
C:\WINDOWS\SYSTEM32\TS.ICO

 

[Bobbye]

Erik, you have new, active malware- quite a bit in the Java cache. We need to find how this is getting in. I have several things for you to do- while we try to find the leak, please don't do any new downloads, installs. There are several users on the system> Start here:

1. Download Security Check by screen317 from one of these links:
Link1
Link 2

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=======================================
2. Please download OTMovit by Old Timer and save to your desktop.

• Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  

  :Files 
  C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\57\4c85f79-4bce12da 
  C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\6\2b2dd8c6-2e62bd77 
  C:\Documents and Settings\Erik\Application Data\Sun\Java\Deployment\cache\6.0\25\5881c799-36cc4fe1 
  C:\Documents and Settings\Erik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\7656823660-6b406ab0-2f0105ad.zip 
  C:\Documents and Settings\Erik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\plugins.jar-77c163df-1b781d71.zip 
  C:\Program Files\FoxTabAudioConverter\AudioConverter.exe 
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
========================================
3. To clear the Java Plug-in cache:

• 
  [1]. Click Start > Control Panel.
  [2]. Double-click the Java icon in the control panel.
  
  The Java Control Panel appears.
  
  
  
  [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
  
  
  
  [4] Click Delete Files.The Delete Temporary Files dialog box appears.
  
  
  
  [5]. Click OK on Delete Temporary Files window.
  Note: This deletes all the Downloaded Applications and Applets from the cache.
  [6]. Click Apply> OK on Temporary Files Settings window.

Images courtesy java.com
======================================
4. Reset Cookies
This same thing need to be done for all accounts:
Administrator
Erik
GUNNAR
LISA
MORGAN
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
====================================
5. If you've done any of the above, do it again. It's based on what I see in these logs..

I'll check the Security Check tomorrow and give you specific information for removing {b]SpywareQuake[/b] You may see fake alerts resembling this:

Do not act on any of these alerts!

 

[Eric72]

OK - thanks, Bobbye. I've completed the steps you listed, and they all appeared to work just fine.

Here's the Security Check Log:

Results of screen317's Security Check version 0.99.28
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````


And here's the OTM log:

All processes killed
========== FILES ==========
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\57\4c85f79-4bce12da moved successfully.
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\6\2b2dd8c6-2e62bd77 moved successfully.
C:\Documents and Settings\Erik\Application Data\Sun\Java\Deployment\cache\6.0\25\5881c799-36cc4fe1 moved successfully.
C:\Documents and Settings\Erik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\7656823660-6b406ab0-2f0105ad.zip moved successfully.
C:\Documents and Settings\Erik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\plugins.jar-77c163df-1b781d71.zip moved successfully.
C:\Program Files\FoxTabAudioConverter\AudioConverter.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 121064 bytes
->Temporary Internet Files folder emptied: 76322 bytes
->Java cache emptied: 1003 bytes
->Flash cache emptied: 5847 bytes

User: All Users

User: Default User
->Temp folder emptied: 59964 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Erik
->Temp folder emptied: 2679355 bytes
->Temporary Internet Files folder emptied: 193119843 bytes
->Java cache emptied: 1232742 bytes
->Flash cache emptied: 2852 bytes

User: Gunnar
->Temp folder emptied: 414289760 bytes
->Temporary Internet Files folder emptied: 239087336 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 124712 bytes

User: Lisa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 157915 bytes
->Java cache emptied: 14377 bytes
->Flash cache emptied: 40920 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 213126 bytes
->Flash cache emptied: 300 bytes

User: Morgan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 190857 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 19777 bytes

User: NetworkService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 8388739 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 103727435 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 59136 bytes
RecycleBin emptied: 1022919 bytes

Total Files Cleaned = 920.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 12072011_191614

Files moved on Reboot...

Registry entries deleted on Reboot...

 

[Eric72]

By the way, I see that Security Check indicates the Windows firewall is disabled, which sounds significant to me! However, Verizon Internet Security Suite indicates that its firewall is active.

 

[Bobbye]

Verizon Security uses McAfee. If it has a firewall included, then the Windows Firewall should be disabled. Only one software firewall should be running.

The only antivirus program showing is the ESET Online Scanner v3. Neither the McAfee antivirus or firewall are indicated in the Security Scan. This is NOT a resident program and gives you no protection in Real Time. I finally got system information for DDS on Reply #32! But it's not reading correctly:
AV: Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Firewall *Enabled*

Should be:
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* ...
---------------------------------------------
I see McAfee entries: These are all stopped, designation S. They should be Running, designation R.
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 214904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-7 214904]

These processes are running/Automatic:
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-7 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-7 160608]
These are said to be huge resource users. At some point, you might want to consider removing the McAfee Security and replacing it with a free AV and FW:
See Section #2 below
====================================
OTM results: Total Files Cleaned = 920.00 mb This is way too many files still on the system. You need to increase the maintenance on the system- or start it! Delete temporary internet Files, delete Cookies, Disc Cleanup, Defrag.

Java should have been updated: Please update Java: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

You are continuing to get new, active malware. Something is wrong with your security setup.
===================================
Here are some tips that will help with the security:
Tips for added security and safer browsing: (Links are in Bold Blue)

1. Browser Security
   [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
   [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
   [o] Replace the Host Files
   [o] Google Toolbar Pop Up Blocker
   [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
   
2. Have layered Security:
   [o]Antivirus :(only one):Both of the following programs are free and known to be good:
   [o]Avira-AntiVir-Personal-Free-Antivirus
   [o]Avast-Free Antivirus
   [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
   [o]Comodo
   [o]Zone Alarm
   
3. Antimalware: I recommend all of the following:
   [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
   [o]Spybot Search & Destroy
   
4. Updates: Stay current:
   [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
   [o]Adobe Reader Install current, uninstall old.
   [o]Java Updates Install current, uninstall old.
   
5. Tracking Cookies
   Reset Cookie:
   [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
   [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
   I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
   AdBlock Plus
   Easy List
   [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
   
6. Do regular Maintenance
   Clean the temporary internet files often:
   [o] Temporary File Cleaner]
   or
   [o] ATF Cleaner by Atribune
7. Restore Points:
   [o]See System Restore Guide
8. Safe Email Handling
   [o] Don't open email from anyone you don't know.
   [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
   [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

Please let me know if you find any bad link.
======================================
Please give me information on how the system is running now.

 

[Eric72]

Will do, Bobbye - thanks. I haven't had a chance to run through all these steps yet, but I will.