Inactive No icons on desktop and PC acting weird

[Lore]

This is the first time I have a problem with win7.\
Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:57 PM, on 25-Jan-11
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAB8SWK.EXE
C:\Users\Mario\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\HiJackThis\Crusty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: xxop81 - xxop81.dll (file missing)
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 7148 bytes

 

[Bobbye]

Welcome to TechSpot! I'll be glad to help with the malware after I get more information.

We don't 'screen' for malware with HijackThis though so please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Please describe what PC acting weird means in addition to missing icons.

Please disable or uninstall uTorrent while I'm helping you. File sharing is one of the greatest sources of malware and I don't want it running while I'm trying to clean the system.

 

[Lore]

Weird: closes an application at random, bleu screen (once), system slows down from time to time.

Logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5610

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26-Jan-11 6:01:49 PM
mbam-log-2011-01-26 (18-01-49).txt

Scan type: Quick scan
Objects scanned: 137618
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxop81 (Trojan.Goldun) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Mario\downloads\smileycentralpfsetup2.3.76.6.znman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.






GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-26 18:38:26
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV011C
Running: gmer.exe; Driver: C:\Users\Mario\AppData\Local\Temp\ugldypod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x987D1780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x987D1830]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x987D18D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x987D1970]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C7F599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CA3F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82CAB9F8 4 Bytes [80, 17, 7D, 98] {ADC BYTE [EDI], 0x7d; CWDE }
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82CABCC8 8 Bytes [30, 18, 7D, 98, D0, 18, 7D, ...] {XOR [EAX], BL; JGE 0xffffffffffffff9c; RCR BYTE [EAX], 0x1; JGE 0xffffffffffffffa0}
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 82CABD3C 4 Bytes [70, 19, 7D, 98] {JO 0x1b; JGE 0xffffffffffffff9c}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9163B000, 0x2D5378, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtCreateFile + 6 770E4A36 4 Bytes [28, 00, 17, 00]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtCreateFile + B 770E4A3B 1 Byte [E2]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtMapViewOfSection + 6 770E5096 1 Byte [28]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtMapViewOfSection + 6 770E5096 4 Bytes [28, 03, 17, 00]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtMapViewOfSection + B 770E509B 1 Byte [E2]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenFile + 6 770E5146 4 Bytes [68, 00, 17, 00]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenFile + B 770E514B 1 Byte [E2]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcess + 6 770E51F6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcess + B 770E51FB 1 Byte [E2]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessToken + B 770E520B 1 Byte [E2]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessTokenEx + 6 770E5216 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenProcessTokenEx + B 770E521B 1 Byte [E2]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThread + 6 770E5276 4 Bytes [68, 01, 17, 00]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThread + B 770E527B 1 Byte [E2]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadToken + 6 770E5286 4 Bytes [68, 02, 17, 00]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadToken + B 770E528B 1 Byte [E2]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtOpenThreadTokenEx + B 770E529B 1 Byte [E2]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtQueryAttributesFile + 6 770E53A6 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtQueryAttributesFile + B 770E53AB 1 Byte [E2]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtQueryFullAttributesFile + B 770E545B 1 Byte [E2]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationFile + 6 770E5AA6 4 Bytes [28, 01, 17, 00]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationFile + B 770E5AAB 1 Byte [E2]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationThread + 6 770E5B06 4 Bytes [28, 02, 17, 00]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtSetInformationThread + B 770E5B0B 1 Byte [E2]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtUnmapViewOfSection + 6 770E5E26 1 Byte [68]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtUnmapViewOfSection + 6 770E5E26 4 Bytes [68, 03, 17, 00]
.text C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe[5440] ntdll.dll!NtUnmapViewOfSection + B 770E5E2B 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002186c238fa
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002186c238fa@001fdec9d929 0x98 0xB4 0xDC 0x35 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002186c238fa (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002186c238fa@001fdec9d929 0x98 0xB4 0xDC 0x35 ...

---- EOF - GMER 1.0.15 ----

 

[Lore]

logs2

DDS (Ver_10-12-12.02) - NTFSx86
Run by Mario at 18:42:30.00 on 26-Jan-11
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3067.1714 [GMT 1:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Mario\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAB8SWK.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mario\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\mario\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [CNAP2 Launcher] c:\windows\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\mario\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-2-26 26168]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-13 1153368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-25 517448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-27 1343400]

=============== Created Last 30 ================

2011-01-26 16:55:36 -------- d-----w- c:\users\mario\appdata\roaming\Malwarebytes
2011-01-26 16:55:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-26 16:55:29 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-26 16:55:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-26 16:55:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-25 21:07:56 388096 ----a-r- c:\users\mario\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-25 21:07:56 -------- d-----w- c:\program files\Trend Micro
2011-01-25 13:34:45 -------- d-----w- C:\Games
2011-01-23 15:31:11 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-01-23 15:31:11 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-01-23 15:31:11 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2011-01-23 15:31:11 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-01-21 15:14:49 -------- d-----w- c:\program files\LucasArts

==================== Find3M ====================

2010-11-12 17:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:36 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:36:16 801792 ----a-w- c:\windows\system32\FntCache.dll
2010-11-02 04:35:51 1074176 ----a-w- c:\windows\system32\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- c:\windows\system32\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:23:44 107520 ----a-w- c:\windows\system32\cdd.dll

============= FINISH: 18:43:35.12 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 15-Oct-09 10:06:15 PM
System Uptime: 26-Jan-11 6:02:33 PM (0 hours ago)

Motherboard: Hewlett-Packard | | 30E9
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | Intel(R) Genuine processor | 1321/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 98 GiB total, 61.332 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
S: is FIXED (NTFS) - 200 GiB total, 15.215 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&24BEA97F&0&001FDEC9D929_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&24BEA97F&0&001FDEC9D929_C00000000
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&24BEA97F&0&001FDEC9D929_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&24BEA97F&0&001FDEC9D929_C00000000
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&24BEA97F&0&001FDEC9D929_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&24BEA97F&0&001FDEC9D929_C00000000
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&24BEA97F&0&001FDEC9D929_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&24BEA97F&0&001FDEC9D929_C00000000
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_LOCALMFG&000F\7&24BEA97F&0&001FDEC9D929_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_LOCALMFG&000F\7&24BEA97F&0&001FDEC9D929_C00000000
Service:

==== System Restore Points ===================

RP198: 23-Jan-11 5:02:03 PM - Removed Morrowind
RP200: 23-Jan-11 5:04:00 PM - Installed Morrowind
RP202: 23-Jan-11 5:07:32 PM - Installed TES Construction Set
RP204: 23-Jan-11 5:12:00 PM - Installed Bloodmoon
RP206: 23-Jan-11 5:14:35 PM - Installed Tribunal
RP208: 23-Jan-11 5:20:43 PM - Removed TES Construction Set
RP210: 23-Jan-11 5:21:29 PM - Removed Morrowind
RP211: 25-Jan-11 9:55:23 PM - Restore Operation
RP212: 25-Jan-11 10:07:27 PM - Installed HiJackThis

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Advertising Center
AstroPop Deluxe 1.1
AVG 2011
Bandisoft MPEG-1 Decoder
Bejeweled 2 Deluxe 1.1
Canon LBP3010/LBP3018/LBP3050
Comix Zone
D3DX10
DolbyFiles
Facebook Plug-In
GOM Player
Google Chrome
Google Talk Plugin
Guild Wars
Hammer Heads Deluxe 1.1
HiJackThis
ImagXpress
Java Auto Updater
Java(TM) 6 Update 23
LightScribe System Software
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Morrowind
Movie Templates - Starter Kit
Mozilla Thunderbird (2.0.0.6)
MPEG2 Codec(libmpeg2/mad)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
Nokia Connectivity Cable Driver
OGA Notifier 2.0.0048.0
Opera 11.00
Pirelli USB Driver
Real Alternative 2.0.2
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Seven Seas Deluxe 1.13
Skype™ 4.2
SoulSeek Client 156c
SoundTrax
Spybot - Search & Destroy
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
Synaptics Pointing Device Driver
Total Commander (Remove or Repair)
Tradewinds Legends 1.0.3.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Ventrilo Client
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver

==== Event Viewer Messages From Past Week ========

26-Jan-11 6:02:58 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
26-Jan-11 6:02:58 PM, Error: atikmdag [43029] - Display is not active
23-Jan-11 4:38:26 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom2.
21-Jan-11 4:18:10 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom6.
21-Jan-11 4:17:54 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom4.
20-Jan-11 9:49:55 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
20-Jan-11 9:49:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
20-Jan-11 9:49:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
20-Jan-11 9:49:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
20-Jan-11 9:49:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
20-Jan-11 9:49:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20-Jan-11 9:49:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
20-Jan-11 9:49:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x988025fe, 0xa2337c00, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012011-19968-01.
20-Jan-11 9:49:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
20-Jan-11 9:49:26 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
20-Jan-11 9:49:26 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
20-Jan-11 9:49:26 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
20-Jan-11 9:49:26 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
20-Jan-11 9:49:26 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
20-Jan-11 9:49:26 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
20-Jan-11 9:49:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
20-Jan-11 9:49:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
20-Jan-11 9:49:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
20-Jan-11 9:49:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================

 

[Bobbye]

Weird: closes an application at random, bleu screen (once), system slows down from time to time.

1. closes an application at random> if this happens frequently, note time on the computer clock, tell me name of app and I'll tell you where to look.
2. bleu screen (once)> not significant.
3. system slows down occasionally Maybe you need to reboot once on a while to free up memory. Maybe you need to do maintenance more frequently. Maybe there is more internet traffic at that time.
==================================================
This is the last entry showing in the Mbam log- but it's not the end of the log:
Files Infected:
c:\Users\Mario\downloads\smileycentralpfsetup2.3.76.6.znman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
??????????
There should be some more text at the end. I ask because there is an entry in the DDS log to 'runclenscript'
This is a leftover from the Delete On Reboot script. There's a bug where it doesn't get removed after it gets used.This was suppose to have been fixed in this version.
==============================================
Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the Active X control to install
4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
5. Click Start
6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
7. Click Scan
8. Wait for the scan to finish
9. Re-enable your Antivirus software.
10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

======================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2http://www.forospyware.com/sUBs/ComboFix.exe

• Double click combofix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Query- Recovery Console image
  
  
  
  

  WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes it will open a text window. Please paste that log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

[Lore]

Log from ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Log from Combofix:


ComboFix 11-01-29.02 - Mario 30-Jan-11 12:53:12.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3067.2005 [GMT 1:00]
Running from: c:\users\Mario\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
.

2011-01-30 11:58 . 2011-01-30 11:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-30 11:51 . 2011-01-30 11:51 -------- d-----w- C:\32788R22FWJFW
2011-01-27 21:03 . 2011-01-20 09:39 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16E3CFAA-2479-40AC-9829-B38FA4DF4E3E}\mpengine.dll
2011-01-27 11:51 . 2011-01-27 11:51 -------- d-----w- c:\program files\ESET
2011-01-26 16:55 . 2011-01-26 16:55 -------- d-----w- c:\users\Mario\AppData\Roaming\Malwarebytes
2011-01-26 16:55 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-26 16:55 . 2011-01-26 16:55 -------- d-----w- c:\programdata\Malwarebytes
2011-01-26 16:55 . 2011-01-26 16:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-26 16:55 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 21:07 . 2011-01-25 21:07 388096 ----a-r- c:\users\Mario\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-25 21:07 . 2011-01-25 21:07 -------- d-----w- c:\program files\Trend Micro
2011-01-25 13:34 . 2011-01-25 13:34 -------- d-----w- C:\Games
2011-01-23 15:31 . 2001-09-05 04:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-01-23 15:31 . 2000-10-05 15:55 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-01-23 15:31 . 2000-10-05 15:50 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-01-23 15:31 . 2000-10-05 15:49 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-01-21 15:14 . 2011-01-21 15:14 -------- d-----w- c:\program files\LucasArts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 17:53 . 2010-05-11 12:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-04 05:52 . 2010-12-15 13:22 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 13:22 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 13:22 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 13:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 13:22 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 13:22 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 13:22 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 13:22 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 13:22 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 13:22 179712 ----a-w- c:\windows\system32\schtasks.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"Google Update"="c:\users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-24 133104]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-05-19 37888]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2007-09-05 406944]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-9-23 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-26 26168]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-18 16:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-804780805-3886671757-2489778224-1000Core.job
- c:\users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-24 11:19]

2011-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-804780805-3886671757-2489778224-1000UA.job
- c:\users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-24 11:19]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Guild Wars - s:\guild wars\Gw.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-30 13:00:54
ComboFix-quarantined-files.txt 2011-01-30 12:00

Pre-Run: 66,716,164,096 bytes free
Post-Run: 66,897,031,168 bytes free

- - End Of File - - 88C5183D7EDC3E653B5519729E569DA1

 

[Bobbye]

Log from ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Was anything found? This isn't the log.

 

[Bobbye]

I'm not seeing much so far.

Please reopen HijackThis to 'do system scan only.'. Check each of the following, if present:

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe> See Option 1
O20 - Winlogon Notify: xxop81 - xxop81.dll (file missing)

Close all Windows except HijackThis and click on "Fix Checked."
==============================================
Option 1: MagicDisc.exe - Associated with MagicISO Virtual CD/DVD-ROMsoftware. Makes CD/DVD image files, convert formats, etc. magicdisc.exe uses excessive system and memory resources with no corresponding benefit. Applications such as these should be disabled to improve overall system performance. It does not need to start on boot and can be accessed when you need it by clicking on Start> All Programs: MagicDisc

Start Menu: All Programs. Screenshot courtesy Winsupersite.
=====================================
Windows 7 like to keep the desktop clean and may have inadvertently moved the icons. Right click on any empty area of the desktop> Choose View. Make sure Show Desktop Icons is checked.

Please let me know what additional problems remain.

 

[Lore]

ESET found some trojan worms. And this was in the log where you said it would be.

I'll do the HJT and If there are more problem let ya know.

Thanks for all the help )

 

[Bobbye]

ESET found some trojan worms. And this was in the log where you said it would be.

Where is the log? Where are the Worms? Find it please and paste it in next reply:

It is here: C:\Program Files\EsetOnlineScanner\log.txt.

 

[Lore]

And I am saying that I have found the file You are talking about and it contains only this:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

I've done the scan twice!

 

[Bobbye]

Okay. I don't know where the Worms went though because the Eset instructions state not to check for removal. Online scanners show entries no matter where their location is- it could be an old infection but still in the restore points (I have you drop those at the end of cleaning) Ir they could be in the Qoobox which is where Combofix sends the files it deleted. If only either of these, the malware is no longer active in the system

Please run a scan with AVG and paste in the log.

Did you try what I left for restoring the desktop icons? Was there any improvement?
================================================
Posted problems:
1. closes an application at random> if this happens frequently, note time on the computer clock, tell me name of app and I'll tell you where to look.
2. bleu screen (once)> not significant.
3. system slows down occasionally Maybe you need to reboot once on a while to free up memory. Maybe you need to do maintenance more frequently. Maybe there is more internet traffic at that time.

 

[Lore]

Scan "Scan whole computer" completed.
Warnings;"115";"115";"0"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Tuesday, 01 February, 2011, 10:35:37 AM"
Scan finished:;"Tuesday, 01 February, 2011, 10:47:53 AM (12 minute(s) 15 second(s))"
Total object scanned:;"392966"
User who launched the scan:;"Mario"

Warnings
File;"Infection";"Result"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\zedo.com.c1dd09f2;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\zedo.com.b59b1f48;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\zedo.com.6a4b36ab;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\zedo.com.27f1639b;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\yadro.ru.c77afad5;"Found Tracking cookie.Yadro";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\trafficmp.com.f2e337da;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\trafficmp.com.e2e71e33;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\trafficmp.com.c9b40e7c;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\trafficmp.com.ae53b8b;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\trafficmp.com.a00e30b4;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\trafficmp.com.6a120fb;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\trafficmp.com.67c02881;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\trafficmp.com.4f6f88fa;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\trafficmp.com.37644bdb;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\trafficmp.com.34123425;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\trafficmp.com.2878eb14;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\tradedoubler.com.eab0972e;"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\tradedoubler.com.dc3c9994;"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\tacoda.net.4366831a;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\tacoda.net.27341d57;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\statse.webtrendslive.com.b4ca7df0;"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\smartadserver.com.bf8b766;"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\smartadserver.com.5550c4ed;"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\smartadserver.com.321a5cf8;"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\ru4.com.f2adca26;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\ru4.com.5a5e0633;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\ru4.com.4a1a2114;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\ru4.com.490c38be;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\ru4.com.3d65bbfd;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\revsci.net.f0067737;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\revsci.net.50e13b1b;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\revsci.net.44927ec;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\revsci.net.2df99d79;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\revsci.net.18a1d1b2;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\realmedia.com.ef906bac;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\realmedia.com.855b46d;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\questionmarket.com.4dd5e426;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\questionmarket.com.3eb5a9f1;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\pointroll.com.f2d5a6f6;"Found Tracking cookie.Pointroll";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\pointroll.com.72c0abc9;"Found Tracking cookie.Pointroll";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\overture.com.e626e6be;"Found Tracking cookie.Overture";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\overture.com.52ca467a;"Found Tracking cookie.Overture";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\msnportal.112.2o7.net.7225be6f;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\mediaplex.com.f652b123;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\mediaplex.com.dc30fb3c;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\mediaplex.com.323e9a10;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\hitbox.com.2b95f8a3;"Found Tracking cookie.Hitbox";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\fastclick.net.57e8da10;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\casalemedia.com.ce59db3e;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\casalemedia.com.80ad4799;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\burstnet.com.ce59db3e;"Found Tracking cookie.Burstnet";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\burstnet.com.a3218a37;"Found Tracking cookie.Burstnet";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\atdmt.com.f4b86dca;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\atdmt.com.7247c262;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\adviva.net.39ec90c;"Found Tracking cookie.Adviva";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\advertising.com.b624fa46;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\advertising.com.525a5fb9;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\advertising.com.203aa218;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\advertising.com.1dfa2206;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\adtech.de.a9245469;"Found Tracking cookie.Adtech";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\adbrite.com.ff6c09ff;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\adbrite.com.d5e309c2;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\adbrite.com.71beeff9;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\adbrite.com.44f92a69;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\adbrite.com.215df2f3;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\ad.yieldmanager.com.e626e6be;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\ad.yieldmanager.com.b4be891c;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\ad.yieldmanager.com.830b6f08;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\ad.yieldmanager.com.13a6979d;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\2o7.net.e802a7ab;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\2o7.net.e48ef60e;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\2o7.net.c03e4f6e;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\2o7.net.b271730a;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\2o7.net.b0922707;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\2o7.net.a698612e;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\2o7.net.7c6f0705;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\247realmedia.com.e14be39e;"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\247realmedia.com.855b46d;"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat:\247realmedia.com.110162fb;"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Opera\Opera\cookies4.dat;"Found Tracking cookie.247realmedia";"Healed"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@ad.yieldmanager[3].txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@ad.yieldmanager[3].txt:\ad.yieldmanager.com.e626e6be;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@ad.yieldmanager[3].txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@ad.yieldmanager[3].txt:\ad.yieldmanager.com.8a47878;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@ad.yieldmanager[3].txt:\ad.yieldmanager.com.830b6f08;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@ad.yieldmanager[3].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@ad.yieldmanager[3].txt;"Found Tracking cookie.Yieldmanager";"Healed"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@ad.yieldmanager[2].txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@ad.yieldmanager[2].txt;"Found Tracking cookie.Yieldmanager";"Healed"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@serving-sys[1].txt:\serving-sys.com.db46cecc;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@serving-sys[1].txt:\serving-sys.com.3c465e6e;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@serving-sys[1].txt:\serving-sys.com.176b0dad;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@serving-sys[1].txt;"Found Tracking cookie.Serving-sys";"Healed"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@bs.serving-sys[1].txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@bs.serving-sys[1].txt;"Found Tracking cookie.Serving-sys";"Healed"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@ad.yieldmanager[2].txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@ad.yieldmanager[2].txt:\ad.yieldmanager.com.e626e6be;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@ad.yieldmanager[2].txt:\ad.yieldmanager.com.8a47878;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@ad.yieldmanager[2].txt;"Found Tracking cookie.Yieldmanager";"Healed"


Tryed the deskop thing and it worked.

Regarding the "closes the applicastion at random" ... I havnt had the problem sicne You started helping.

 

[Bobbye]

These entries are only the run of the mill Tracking Cookies. Run Superantispyware as below, and be sure to check the line to have it remove what it finds. Follow with resetting the Cookies:

SuperAntiSpyware Home Edition Free Version

• Please download SuperAntiSpyware from HERE
• Launch SuperAntiSpyware and click on 'Check for updates'.
• Wait for the updates to be installed
• On the main screen click on 'Scan your computer'.
• Check: 'Perform Complete Scan then Click 'Next' to start the scan.
• Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
• Make sure everything found has a checkmark next to it,then press 'Next'.
• Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:

• Click on 'Preferences'.
• Click on the 'Statistics/Logs' tab.
• Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.

It will then open in your default text editor,such as Notepad. Paste the notepad file here on your reply
==============================================
Reset Cookies>> depending on which browser(S) are being used:

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
==================================
The icons are back and all the problems have been resolved- yes?

 

[Lore]

Problems do not occure.

Here is the log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/01/2011 at 07:55 PM

Application Version : 4.47.1000

Core Rules Database Version : 6318
Trace Rules Database Version: 4130

Scan type : Complete Scan
Total Scan Time : 00:40:19

Memory items scanned : 732
Memory threats detected : 0
Registry items scanned : 9293
Registry threats detected : 0
File items scanned : 21881
File threats detected : 396

Adware.Tracking Cookie
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@mediabrandsww[1].txt
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@content.yieldmanager[1].txt
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@adecn[2].txt
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@ad.yieldmanager[3].txt
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@content.yieldmanager[4].txt
.game-advertising-online.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.dmtracker.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.overture.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.weborama.fr [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.videoegg.adbureau.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lfstmedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.rambler.ru [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
in.getclicky.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media.photobucket.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.s.clickability.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.network.realmedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.xiti.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
adserver.adreactor.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lfstmedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.chitika.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.enovine.rs [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.overture.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.eyewonder.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.eyewonder.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adxpose.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cz11.clickzs.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cz11.clickzs.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
s04.flagcounter.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
adserv.brandaffinity.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.skyscanner.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.austrianairlines.122.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.etracker.de [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.cracked.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tripod.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.zanox.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.germanwings.112.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.avgtechnologies.112.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.honeywell.112.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
webstats.aetna.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificmedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lucent.122.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
data.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
data.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
data.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.theporncomics.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.theporncomics.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.track.parse.ly [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificmedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.shared.rogersmedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.analytics.rogersmedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adlegend.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adlegend.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.freshtracks.co.uk [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.freshtracks.co.uk [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.andomedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.marketlive.122.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.condenast.112.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.gostats.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www9.addfreestats.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.cracked.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.azjmp.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.azjmp.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smileycentral.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smileycentral.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.socialmediatoday.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.socialmediatoday.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.socialmediatoday.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.socialmediatoday.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.socialmediatoday.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.socialmediatoday.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
wstat.wibiya.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
user.lucidmedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.s.clickability.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.www.novamedia.co.rs [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.novamedia.co.rs [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.novamedia.co.rs [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ads.directmedia.biz [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bonniercorp.122.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.richmedia.yahoo.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.statssheet.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.cracktwo.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adnethr.adocean.pl [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adtech.de [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.himedia.individuad.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.coolcrack.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.timeinc.122.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
static.freewebs.getclicky.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
stat.dealtime.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.skyscanner.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kantarmedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kantarmedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.chicagosuntimes.122.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.myroitracking.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adecn.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediabrandsww.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.oddcast.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ads.neomedia.hr [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ads2.monitor.hr [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ads2.monitor.hr [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
z.blogads.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
stat.onestat.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
stat.onestat.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.countomat.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.toplist.cz [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.harrenmedianetwork.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lfstmedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
vipnetadserver.neuralab.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media.contextweb.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media.contextweb.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
statse.webtrendslive.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
stat.onestat.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.123stat.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.123stat.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.hearstmagazines.112.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.www.burstnet.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.burstnet.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mtvn.112.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
adserver.mmoguru.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.associatedcontent.112.2o7.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.gdfp.g.doubleclick.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.gdfp.g.doubleclick.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atwola.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.complex.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.complex.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.complex.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
adserver1.w00tmedia.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.cracked.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ads2.monitor.hr [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.etargetnet.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.statcounter.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.statcounter.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.statcounter.com [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
media.mtvnservices.com [ C:\Users\Mario\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YURDZAVP ]
secure-us.imrworldwide.com [ C:\Users\Mario\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YURDZAVP ]
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@ad.yieldmanager[2].txt
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@bs.serving-sys[1].txt
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@collective-media[1].txt
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario@serving-sys[1].txt
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@ad.yieldmanager[2].txt
C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\mario@content.yieldmanager[3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt

 

[Bobbye]

It does not appear that you check the line for SAS to remove the Tracking Cookies:

# Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
# Make sure everything found has a checkmark next to it,then press 'Next'.

What are Tracking Cookies?
Tracking cookies are only created to track a users movement. The movement can still only be tracked if the user visits a website that displays the advertisement scripts of the company that has a cookie stored on the system. Tracking cookies raise privacy issues, as they allow companies to partially track an Internet user’s movement on the Internet.

The difference between First Party and Third Party Cookies:
A first party cookie is placed by the website itself. For instance,TechSpot will leave a First Party Cookie. A third party cookie is placed by scripts from other services, mostly advertisements that are loaded on the page. So you might find 3rd party Cookies from any ads on the site.

The AVG scan you did shows Tracking Cookies on these accounts and browsers:
1.C:\Users\Mario\AppData\Roaming\Opera\"Moved to Virus Vault"
2.C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\"Healed"
3.C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies\Low\mario "Moved to Virus Vault"

The SAS scan shows new Tracking Cookies on these accounts and browsers:
1.C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Cookies
2.C:\Users\Mario\AppData\Local\Google\Chrome
3.C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies

I just listed the different accounts
User>> All Mario
Browser> Internet Explorer ,Chrome and Opera.
Accounts> Roaming, Low privilege and Administrative.

You have no protection at all, it appears. There is no reason at all to allow the Tracking Cookies. You can reset the browser as I instructed to prevent them and have SAS remove them.

It looks like AVG put them all either in the Virus Vault or 'Healed' them.
SAS found 396 new Tracking Cookies
==========================================
Add this to Reset Cookies> For Opera:

• Press Ctrl-F12 to open the Opera Preferences.
• Choose the Advanced tab> select cookies from the left sidebar menu.
• Uncheck Accept cookies
• Check Accept cookies only from the site I visit.

This will disable third party Cookies which are where tracking Cookies are found. to disable third party cookies in Opera.

It may be that you aren't doing any cleanup maintenance on the system such as disc cleanup, defrag and error check. Not doing this can also cause your system to "act Weird."
======================================
Since your original problems have been resolved, I just need for you to run HijackThis so I can make sure no bad entries remain. I'll check the log and after that, if there re no more removals, I'll have you remove the cleaning tools.

Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.

• Extract it to a directory on your hard drive called c:\HijackThis.
• Then navigate to that directory and double-click on the hijackthis.exe file.
• When started click on the Scan button and then the Save Log button to create a log of your information.
• The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.