
Explorer Hijacked


  • This topic is locked
8 replies to this topic

#1 GeneStarwin


Posted 21 June 2008 - 11:33 AM

I have a serious problem, because my explorer has been hijacked. Whenever I try to open, close, or pretty much use any function for folders, I get the error: "System Error! Attention, Harold Some dangerous trojan horses detected in your system. Microsoft Windows XP files corrupted. This may lead the destruction of important files in C:\WINDOWS. Download protection software now." Clicking on the button takes me to a website where it wants me to download the fake virus protection.

Thanks for any help.

This is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:11 AM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Sprint music manager\MEMonitor.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {28F51CDA-3BD1-4F06-8F7B-2A881411983F} - C:\WINDOWS\system32\dadef.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] "C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1B813CA6-B54F-459E-9720-9A42BF981975} - file:///C:/Program%20Files/BitLord/Downloads/Coldplay%20-%20Viva%20La%20Vida%20or%20Death%20and%20All%20His%20Friends%20[2008]%20-%20320Kbps%20-%20NEW%20ALBUM/codec.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - G:\Ceedo\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 14146 bytes



#2 Buckeye_Sam

    Malware Expert



Posted 21 June 2008 - 12:11 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you are asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 GeneStarwin


Posted 21 June 2008 - 02:26 PM

Well, this is the main.txt

Deckard's System Scanner v20071014.68
Run by Harold on 2008-06-21 14:12:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
94: 2008-06-21 19:12:21 UTC - RP513 - Deckard's System Scanner Restore Point
93: 2008-06-21 16:51:12 UTC - RP512 - System Checkpoint
92: 2008-06-20 08:01:16 UTC - RP511 - Software Distribution Service 3.0
91: 2008-06-19 17:30:51 UTC - RP510 - ComboFix created restore point
90: 2008-06-19 05:54:06 UTC - RP509 - Installed Nero 8 Trial


-- First Restore Point --
1: 2008-03-24 11:41:10 UTC - RP420 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Harold.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:21 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Harold\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Harold.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {28F51CDA-3BD1-4F06-8F7B-2A881411983F} - C:\WINDOWS\system32\dadef.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] "C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1B813CA6-B54F-459E-9720-9A42BF981975} - file:///C:/Program%20Files/BitLord/Downloads/Coldplay%20-%20Viva%20La%20Vida%20or%20Death%20and%20All%20His%20Friends%20[2008]%20-%20320Kbps%20-%20NEW%20ALBUM/codec.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - G:\Ceedo\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 14104 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - c:\windows\system32\drivers\ssfs0509.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - c:\windows\system32\drivers\sshrmd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R0 SSIDRV (Spy Sweeper Interdiction Driver) - c:\windows\system32\drivers\ssidrv.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro TDI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - c:\windows\system32\drivers\sskbfd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 IO_Memory - c:\sysprep\drivers\ioport.sys (file missing)
S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys (file missing)
S3 SDDMI2 - c:\windows\system32\ddmi2.sys (file missing)
S3 SVRPEDRV - c:\sysprep\pedrv.sys (file missing)
S3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 RetroExpLauncher (Retrospect Express HD Launcher) - "c:\program files\retrospect\retrospect express hd 2.0\retrorun.exe" <Not Verified; EMC Corporation; Retrospect Express HD>
R2 RMSvc (Media Center Extender Resource Monitor) - c:\windows\ehome\rmsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV>
R2 Tmntsrv (Trend NT Realtime Service) - "c:\program files\trend micro\antivirus\tmntsrv.exe" <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>
R2 tmproxy (Trend Micro Proxy Service) - c:\program files\trend micro\antivirus\tmproxy.exe <Not Verified; Trend Micro Incorporated.; Trend Pc-cillin 11>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 RoxLiveShare9 (LiveShare P2P Server 9) - "c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe" (file missing)
S3 gusvc (Google Updater Service) - "g:\ceedo\program files\google\common\google updater\googleupdaterservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\D156C3F680DA0
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\D156C3F680DA0
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-06-21 13:35:05 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-17 07:55:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-16 04:00:04 1514 --a------ C:\WINDOWS\Tasks\wrSpySweeper_557EC4F0A92241099C4484C0A009AE63.job


-- Files created between 2008-05-21 and 2008-06-21 -----------------------------

2008-06-21 13:14:16 0 d-------- C:\Documents and Settings\Harold\Application Data\gtk-2.0
2008-06-21 13:14:15 0 d-------- C:\Documents and Settings\Harold\.thumbnails
2008-06-21 13:12:01 0 d-------- C:\Documents and Settings\Harold\.gimp-2.4
2008-06-21 13:10:34 0 d-------- C:\Program Files\GIMP-2.0
2008-06-20 11:54:16 0 d-------- C:\WINDOWS\CSC
2008-06-20 11:51:42 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-19 12:37:44 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-19 12:30:21 68096 --a------ C:\WINDOWS\zip.exe
2008-06-19 12:30:21 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-19 12:30:21 98816 --a------ C:\WINDOWS\sed.exe
2008-06-19 12:30:21 80412 --a------ C:\WINDOWS\grep.exe
2008-06-19 12:30:20 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-19 12:30:20 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-19 12:30:20 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-19 12:30:20 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-19 01:06:43 0 d-------- C:\Documents and Settings\Harold\Application Data\Nero
2008-06-19 01:02:56 13312 --a------ C:\WINDOWS\system32\dadef.dll
2008-06-19 00:54:51 0 d-------- C:\Program Files\Nero
2008-06-19 00:54:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-19 00:54:50 0 d-------- C:\Program Files\Common Files\Nero
2008-06-15 14:48:08 425984 --a------ C:\WINDOWS\system32\ml100d.dll
2008-06-15 14:48:08 233472 --a------ C:\WINDOWS\system32\ml100.dll
2008-06-15 14:48:08 864256 --a------ C:\WINDOWS\system32\highgui100d.dll <Not Verified; Intel Corporation; Intel® Open Source Computer Vision Library.>
2008-06-15 14:48:08 622592 --a------ C:\WINDOWS\system32\highgui100.dll <Not Verified; Intel Corporation; Intel® Open Source Computer Vision Library.>
2008-06-15 14:48:08 208896 --a------ C:\WINDOWS\system32\cxts001d.dll
2008-06-15 14:48:08 118784 --a------ C:\WINDOWS\system32\cxts001.dll
2008-06-15 14:48:08 1634304 --a------ C:\WINDOWS\system32\cxcore100d.dll <Not Verified; Intel Corporation.; Intel® Open Source Computer Vision Library>
2008-06-15 14:48:08 933888 --a------ C:\WINDOWS\system32\cxcore100.dll <Not Verified; Intel Corporation.; Intel® Open Source Computer Vision Library>
2008-06-15 14:48:08 929792 --a------ C:\WINDOWS\system32\cvaux100d.dll <Not Verified; Intel Corporation.; Intel® Open Source Computer Vision Library>
2008-06-15 14:48:08 466944 --a------ C:\WINDOWS\system32\cvaux100.dll <Not Verified; Intel Corporation.; Intel® Open Source Computer Vision Library>
2008-06-15 14:48:08 1355776 --a------ C:\WINDOWS\system32\cv100d.dll <Not Verified; Intel Corporation.; Intel® Open Source Computer Vision Library>
2008-06-15 14:48:08 724992 --a------ C:\WINDOWS\system32\cv100.dll <Not Verified; Intel Corporation.; Intel® Open Source Computer Vision Library>
2008-06-15 13:37:01 0 d-------- C:\Program Files\OpenCV
2008-05-30 18:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 18:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-27 23:38:22 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-27 23:38:17 0 d-------- C:\Documents and Settings\Harold\Application Data\SystemRequirementsLab
2008-05-27 21:56:03 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-22 17:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 17:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 17:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 17:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-21 11:02:00 0 d-------- C:\Program Files\Trend Micro
2008-06-19 00:54:50 0 d-------- C:\Program Files\Common Files
2008-06-11 01:24:22 0 d-------- C:\Documents and Settings\Harold\Application Data\LimeWire
2008-06-08 01:27:52 0 d-------- C:\Program Files\DivX
2008-06-06 03:06:19 0 d-------- C:\Program Files\The Weather Channel FW
2008-05-28 12:28:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 12:39:17 230749 --a------ C:\WINDOWS\Cole2k_Media_Toolbar_Uninstaller_4281.exe <Not Verified; Cole2k Media; Cole2k Media - Codec Pack (Standard)>
2008-05-14 12:39:17 0 d-------- C:\Program Files\Cole2k Media Toolbar
2008-05-05 22:00:51 0 d-------- C:\Program Files\mIRC
2008-05-02 04:01:36 0 d-------- C:\Program Files\Java
2008-04-26 04:32:35 0 d-------- C:\Documents and Settings\Harold\Application Data\MySpace
2008-04-26 04:32:24 0 d-------- C:\Program Files\MySpace
2008-04-14 14:07:51 256 --a------ C:\WINDOWS\system32\pool.bin
2008-03-29 18:22:47 96577 --a------ C:\WINDOWS\hpqins16.dat
2008-03-21 06:23:11 46 --a------ C:\xmp.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28F51CDA-3BD1-4F06-8F7B-2A881411983F}]
06/19/2008 01:02 AM 13312 --a------ C:\WINDOWS\system32\dadef.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
06/03/2008 04:17 PM 86032 --a------ C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [03/11/2005 06:03 PM C:\WINDOWS\system32\TDispVol.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/16/2005 03:32 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/28/2005 12:55 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/28/2005 12:52 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/28/2005 12:55 AM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 04:56 PM]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [01/05/2006 05:02 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [12/16/2005 03:34 AM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [08/18/2004 06:37 AM]
"AGRSMMSG"="AGRSMMSG.exe" [10/15/2005 09:29 AM C:\WINDOWS\agrsmmsg.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [11/30/2005 03:25 PM]
"TPSMain"="TPSMain.exe" [06/01/2005 12:00 AM C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 07:13 PM]
"dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [10/06/2005 08:20 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/05/2005 03:37 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [11/28/2005 02:41 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [11/17/2006 07:14 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [09/14/2006 02:00 AM]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [09/14/2006 02:00 AM]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [09/14/2006 02:00 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/16/2007 02:07 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/16/2007 03:20 AM]
"WD Button Manager"="WDBtnMgr.exe" [07/06/2007 09:13 PM C:\WINDOWS\system32\WDBtnMgr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 04:42 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [04/28/2008 05:14 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 05:29 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 03:32 AM]
"Steam"="c:\program files\valve\steam\steam.exe" [03/29/2008 06:07 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [11/12/2006 05:48 AM]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 06:07 PM]

C:\Documents and Settings\Harold\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Sprint music manager\MEMonitor.exe [8/28/2007 4:54:45 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [12/7/2005 5:01:32 PM]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 7:55:40 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2/15/2006 11:31:42 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bdf0089-ed41-11dc-8bc0-0018de2fa546}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed36480-8d52-11db-8b11-00a0d156c3f6}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed36481-8d52-11db-8b11-00a0d156c3f6}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49d4bcdb-943d-11db-8b13-0018de2fa546}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6acf596f-a9da-11db-8b45-0018de2fa546}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75a6e323-72a6-11dc-8ba0-0018de2fa546}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{835ac02b-e96d-11db-8b68-0018de2fa546}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9e4a892-b590-11db-8b4c-0018de2fa546}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9e75f55-06f9-11dc-8b6c-0018de2fa546}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bac05fa9-37af-11dd-8bd1-0018de2fa546}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-06-21 14:16:13 ------------




THIS IS THE EXTRA.TXT




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5500 @ 1.66GHz
CPU 1: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 1013.98 MiB / 367.77 MiB
Pagefile Memory (total/avail): 2441.98 MiB / 1816.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.46 MiB

C: is Fixed (NTFS) - 148.8 GiB total, 61.1 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2160BT PL - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 148.8 GiB - C:
\PARTITION1 - Unknown - 251.02 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\IVP\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\ehome\\ehshell.exe"="C:\\WINDOWS\\ehome\\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\devenv.exe"="C:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\devenv.exe:*:Enabled:Microsoft Visual Studio 2005"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\Retrospect.exe"="C:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\Retrospect.exe:*:Enabled:Retrospect Express HD"
"C:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\retrorun.exe"="C:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\retrorun.exe:*:Enabled:Retrospect Express HD Launcher service"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Valve\\Steam\\steam.exe"="C:\\Program Files\\Valve\\Steam\\steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Harold\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TOSHIBA-USER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
GETMODEL=Satellite A105
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Harold
LOGONSERVER=\\TOSHIBA-USER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\OpenCV\bin;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Harold\LOCALS~1\Temp
TMP=C:\DOCUME~1\Harold\LOCALS~1\Temp
USERDOMAIN=TOSHIBA-USER
USERNAME=Harold
USERPROFILE=C:\Documents and Settings\Harold
VERNUM=PSAA8U-1L502KR
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Harold (admin)
MCX1
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4U AVI MPEG Converter (version 5.2.6) --> "C:\Program Files\4U Computing\AVI MPEG Converter\unins000.exe"
AC3 Decoder --> C:\Program Files\Mediatwins software\AC3 Decoder\uninstall.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Cole2k Media - Codec Pack (Standard) 6.1.0 --> C:\WINDOWS\system32\C2MP\Uninst.exe
Cole2k Media Toolbar --> "C:\WINDOWS\Cole2k_Media_Toolbar_Uninstaller_4281.exe" _?=C:\Program Files\Cole2k Media Toolbar
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Desktop Dialer --> C:\WINDOWS\unvise32.exe C:\Program Files\DesktopDialer\uninstal.log
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
GIMP 2.4.6 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® Open Source Computer Vision Library 1.0 --> "C:\Program Files\OpenCV\unins000.exe"
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Development Kit 6 Update 4 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160040}
LG USB Modem Drivers --> MsiExec.exe /I{FA02ACAC-9E14-4878-A257-92A22A647C2C}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Matroska Pack - Lazy Man's MKV 0.9.9 --> "C:\Program Files\LD-Anime\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Media Center Extender --> c:\WINDOWS\eHome\DvcConn.exe /uninstall
Media Center Extender --> MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0}
Mega Manager --> C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
MegaUpload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 --> "C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN Toolbar --> MsiExec.exe /I{3B438F0E-21BE-4E80-B921-5A9AA4DAA402}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 8 Trial --> MsiExec.exe /X{3C5F1B30-B10B-4579-86DD-D00F662E1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetBeans IDE 6.0 --> "C:\Program Files\NetBeans 6.0\uninstall.exe"
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
PCLink2000 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA111803-1B64-4DCE-B75D-55C57832A7DA}\Setup.exe" -l0x12
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Retrospect Express HD 2.0 --> MsiExec.exe /I{5D652EC3-8AC0-41E7-B337-162BC7B01148}
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
SAMSUNG CDMA Modem Driver Set --> C:\Program Files\SAMSUNG CDMA Modem\drivers\SSCDUninstall.exe
Samsung Contacts Copier --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FECB001A-62F8-4E84-8FD0-4B963D039A63}\setup.exe" -l0x9 -removeonly
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SD Secure Module --> MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB925674) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {124D38C7-5BE5-4D4E-8D6D-9F10DC6B6D11} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937060) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {78DD9A0A-4AE1-46D0-B9A6-578EFCA47A3C} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Step By Step Interactive Training (KB898458) -->
Shop for HP Supplies --> C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sprint music manager --> C:\PROGRA~1\SPRINT~1\Setup.exe /remove /q0
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Starcraft --> C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
The Weather Channel Desktop 6 --> C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Hotkey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
Toshiba Media Center Game Console --> MsiExec.exe /I{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
Toshiba Registration --> MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA SD Memory Card Format --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA TouchPad ON/Off Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA TV Tuner 4.0.12.73 --> C:\Program Files\AVerMedia\TOSHIBA TV Tuner\uninst.exe
TOSHIBA Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Trend Micro Antivirus --> MsiExec.exe /X{3ACF3AF1-8DBC-4EFB-AF03-37E212DDA83C}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VideoLAN VLC media player 0.8.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora Xbox 360 Converter 2.20 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
Videora Xbox360 Converter 0.81 --> C:\Program Files\VideoraXbox360Converter\uninst.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Media Center Edition 2005 KB888316 --> C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB894553 --> C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678 --> C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB905589 --> "C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type803 / Error
Event Submitted/Written: 06/21/2008 02:15:29 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type794 / Success
Event Submitted/Written: 06/21/2008 00:05:02 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type761 / Warning
Event Submitted/Written: 06/21/2008 10:50:35 AM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type738 / Success
Event Submitted/Written: 06/21/2008 10:45:07 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type710 / Warning
Event Submitted/Written: 06/21/2008 10:21:50 AM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type114237 / Error
Event Submitted/Written: 06/21/2008 10:20:28 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 10.202.0.70 for the Network Card with network address 0018DE2FA546 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type114112 / Error
Event Submitted/Written: 06/20/2008 11:07:44 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.103 for the Network Card with network address 0018DE2FA546 has been
denied by the DHCP server 172.30.1.3 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type113323 / Warning
Event Submitted/Written: 06/19/2008 04:10:47 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type113126 / Error
Event Submitted/Written: 06/18/2008 03:03:14 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 10.202.0.70 for the Network Card with network address 0018DE2FA546 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type112520 / Error
Event Submitted/Written: 06/17/2008 05:06:49 PM
Event ID/Source: 32003 / ipnathlp
Event Description:
The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-06-21 14:16:13 ------------

Thanks again for all the help.

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


Posted 21 June 2008 - 03:27 PM

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\dadef.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


=================


You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

===============



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Also post a new log from DSS.

#5 GeneStarwin

GeneStarwin
  • Topic Starter

Posted 22 June 2008 - 08:44 AM

OTMoveIT log:

C:\WINDOWS\system32\dadef.dll unregistered successfully.
C:\WINDOWS\system32\dadef.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06222008_012552



SuperAntiSpyware log


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/22/2008 at 03:37 AM

Application Version : 4.15.1000

Core Rules Database Version : 3487
Trace Rules Database Version: 1478

Scan type : Complete Scan
Total Scan Time : 02:17:45

Memory items scanned : 605
Memory threats detected : 0
Registry items scanned : 8708
Registry threats detected : 7
File items scanned : 107356
File threats detected : 2

Trojan.Unclassified/BhoApp-A
HKLM\Software\Classes\CLSID\{28F51CDA-3BD1-4F06-8F7B-2A881411983F}
HKCR\CLSID\{28F51CDA-3BD1-4F06-8F7B-2A881411983F}
HKCR\CLSID\{28F51CDA-3BD1-4F06-8F7B-2A881411983F}
HKCR\CLSID\{28F51CDA-3BD1-4F06-8F7B-2A881411983F}\InprocServer32
HKCR\CLSID\{28F51CDA-3BD1-4F06-8F7B-2A881411983F}\InprocServer32#ThreadingModel
HKCR\CLSID\{28F51CDA-3BD1-4F06-8F7B-2A881411983F}\Programmable
HKCR\CLSID\{28F51CDA-3BD1-4F06-8F7B-2A881411983F}\TypeLib
C:\WINDOWS\SYSTEM32\DADEF.DLL
C:\_OTMOVEIT\MOVEDFILES\06222008_012552\WINDOWS\SYSTEM32\DADEF.DLL

Adware.Tracking Cookie
.revsci.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.glb.adtechus.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.2mdn.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.bluestreak.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
anat.tacoda.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
anad.tacoda.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
stats.gamestop.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-oreilly.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-oreilly.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.msnservices.112.2o7.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.clicksor.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ads.clicksor.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.clicksor.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
data.coremetrics.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.estat.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.yieldmanager.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.prospect.adbureau.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.prospect.adbureau.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.prospect.adbureau.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.prospect.adbureau.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ads.adbrite.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
stats.sphere.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.videoegg.adbureau.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
www.findstuff.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.msnportal.112.2o7.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.nintendo.112.2o7.net [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Harold\Application Data\Mozilla\Firefox\Profiles\giwvkn8b.default\cookies.txt ]



Main.txt


Deckard's System Scanner v20071014.68
Run by Harold on 2008-06-22 08:41:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Harold.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:46 AM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\ehome\RMSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Harold\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Harold.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] "C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1B813CA6-B54F-459E-9720-9A42BF981975} - file:///C:/Program%20Files/BitLord/Downloads/Coldplay%20-%20Viva%20La%20Vida%20or%20Death%20and%20All%20His%20Friends%20[2008]%20-%20320Kbps%20-%20NEW%20ALBUM/codec.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - G:\Ceedo\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 14267 bytes

-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-22 01:10:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-22 01:10:18 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-22 01:10:18 0 d-------- C:\Documents and Settings\Harold\Application Data\SUPERAntiSpyware.com
2008-06-22 01:09:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-22 01:07:10 0 d-------- C:\Documents and Settings\Harold\.SunDownloadManager
2008-06-21 13:14:16 0 d-------- C:\Documents and Settings\Harold\Application Data\gtk-2.0
2008-06-21 13:14:15 0 d-------- C:\Documents and Settings\Harold\.thumbnails
2008-06-21 13:12:01 0 d-------- C:\Documents and Settings\Harold\.gimp-2.4
2008-06-21 13:10:34 0 d-------- C:\Program Files\GIMP-2.0
2008-06-20 11:54:16 0 d-------- C:\WINDOWS\CSC
2008-06-20 11:51:42 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-19 12:37:44 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-19 12:30:21 68096 --a------ C:\WINDOWS\zip.exe
2008-06-19 12:30:21 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-19 12:30:21 98816 --a------ C:\WINDOWS\sed.exe
2008-06-19 12:30:21 80412 --a------ C:\WINDOWS\grep.exe
2008-06-19 12:30:20 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-19 12:30:20 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-19 12:30:20 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-19 12:30:20 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-19 01:06:43 0 d-------- C:\Documents and Settings\Harold\Application Data\Nero
2008-06-19 00:54:51 0 d-------- C:\Program Files\Nero
2008-06-19 00:54:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-19 00:54:50 0 d-------- C:\Program Files\Common Files\Nero
2008-06-15 14:48:08 425984 --a------ C:\WINDOWS\system32\ml100d.dll
2008-06-15 14:48:08 233472 --a------ C:\WINDOWS\system32\ml100.dll
2008-06-15 14:48:08 864256 --a------ C:\WINDOWS\system32\highgui100d.dll <Not Verified; Intel Corporation; Intel® Open Source Computer Vision Library.>
2008-06-15 14:48:08 622592 --a------ C:\WINDOWS\system32\highgui100.dll <Not Verified; Intel Corporation; Intel® Open Source Computer Vision Library.>
2008-06-15 14:48:08 208896 --a------ C:\WINDOWS\system32\cxts001d.dll
2008-06-15 14:48:08 118784 --a------ C:\WINDOWS\system32\cxts001.dll
2008-06-15 14:48:08 1634304 --a------ C:\WINDOWS\system32\cxcore100d.dll <Not Verified; Intel Corporation.; Intel® Open Source Computer Vision Library>
2008-06-15 14:48:08 933888 --a------ C:\WINDOWS\system32\cxcore100.dll <Not Verified; Intel Corporation.; Intel® Open Source Computer Vision Library>
2008-06-15 14:48:08 929792 --a------ C:\WINDOWS\system32\cvaux100d.dll <Not Verified; Intel Corporation.; Intel® Open Source Computer Vision Library>
2008-06-15 14:48:08 466944 --a------ C:\WINDOWS\system32\cvaux100.dll <Not Verified; Intel Corporation.; Intel® Open Source Computer Vision Library>
2008-06-15 14:48:08 1355776 --a------ C:\WINDOWS\system32\cv100d.dll <Not Verified; Intel Corporation.; Intel® Open Source Computer Vision Library>
2008-06-15 14:48:08 724992 --a------ C:\WINDOWS\system32\cv100.dll <Not Verified; Intel Corporation.; Intel® Open Source Computer Vision Library>
2008-06-15 13:37:01 0 d-------- C:\Program Files\OpenCV
2008-05-30 18:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 18:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-27 23:38:22 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-27 23:38:17 0 d-------- C:\Documents and Settings\Harold\Application Data\SystemRequirementsLab
2008-05-27 21:56:03 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-22 17:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 17:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 17:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 17:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-22 01:09:44 0 d-------- C:\Program Files\Common Files
2008-06-22 01:04:58 0 d-------- C:\Program Files\Java
2008-06-21 11:02:00 0 d-------- C:\Program Files\Trend Micro
2008-06-11 01:24:22 0 d-------- C:\Documents and Settings\Harold\Application Data\LimeWire
2008-06-08 01:27:52 0 d-------- C:\Program Files\DivX
2008-06-06 03:06:19 0 d-------- C:\Program Files\The Weather Channel FW
2008-05-28 12:28:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 12:39:17 230749 --a------ C:\WINDOWS\Cole2k_Media_Toolbar_Uninstaller_4281.exe <Not Verified; Cole2k Media; Cole2k Media - Codec Pack (Standard)>
2008-05-14 12:39:17 0 d-------- C:\Program Files\Cole2k Media Toolbar
2008-05-05 22:00:51 0 d-------- C:\Program Files\mIRC
2008-04-26 04:32:35 0 d-------- C:\Documents and Settings\Harold\Application Data\MySpace
2008-04-26 04:32:24 0 d-------- C:\Program Files\MySpace
2008-04-14 14:07:51 256 --a------ C:\WINDOWS\system32\pool.bin
2008-03-29 18:22:47 96577 --a------ C:\WINDOWS\hpqins16.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
06/03/2008 04:17 PM 86032 --a------ C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [03/11/2005 06:03 PM C:\WINDOWS\system32\TDispVol.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/16/2005 03:32 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/28/2005 12:55 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/28/2005 12:52 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/28/2005 12:55 AM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 04:56 PM]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [01/05/2006 05:02 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [12/16/2005 03:34 AM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [08/18/2004 06:37 AM]
"AGRSMMSG"="AGRSMMSG.exe" [10/15/2005 09:29 AM C:\WINDOWS\agrsmmsg.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [11/30/2005 03:25 PM]
"TPSMain"="TPSMain.exe" [06/01/2005 12:00 AM C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 07:13 PM]
"dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [10/06/2005 08:20 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/05/2005 03:37 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [11/28/2005 02:41 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [11/17/2006 07:14 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [09/14/2006 02:00 AM]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [09/14/2006 02:00 AM]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [09/14/2006 02:00 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/16/2007 02:07 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/16/2007 03:20 AM]
"WD Button Manager"="WDBtnMgr.exe" [07/06/2007 09:13 PM C:\WINDOWS\system32\WDBtnMgr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [04/28/2008 05:14 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 05:29 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 03:32 AM]
"Steam"="c:\program files\valve\steam\steam.exe" [03/29/2008 06:07 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [11/12/2006 05:48 AM]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 06:07 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

C:\Documents and Settings\Harold\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Sprint music manager\MEMonitor.exe [8/28/2007 4:54:45 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [12/7/2005 5:01:32 PM]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 7:55:40 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2/15/2006 11:31:42 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bdf0089-ed41-11dc-8bc0-0018de2fa546}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed36480-8d52-11db-8b11-00a0d156c3f6}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed36481-8d52-11db-8b11-00a0d156c3f6}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49d4bcdb-943d-11db-8b13-0018de2fa546}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6acf596f-a9da-11db-8b45-0018de2fa546}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75a6e323-72a6-11dc-8ba0-0018de2fa546}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{835ac02b-e96d-11db-8b68-0018de2fa546}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9e4a892-b590-11db-8b4c-0018de2fa546}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9e75f55-06f9-11dc-8b6c-0018de2fa546}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bac05fa9-37af-11dd-8bd1-0018de2fa546}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-06-22 08:42:12 ------------

#6 Buckeye_Sam


Posted 22 June 2008 - 05:23 PM

Your log looks much better. How is your computer behaving now?

#7 GeneStarwin

GeneStarwin
  • Topic Starter


Posted 22 June 2008 - 10:03 PM

It is performing smoothly, thanks!

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 23 June 2008 - 07:26 AM

Excellent! Now let's clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

And here are some recommendations to keep you safe and secure going forward.


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :)


========================================================
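A read-only check of the Internet zone settings listed in post #8, added here as an example and not part of the original post. The registry path, the URL action numbers (1001, 1004, 1201, 1607, 1800, 1804) and the value meanings (0 = Enable, 1 = Prompt, 3 = Disable) are Microsoft's documented per-user zone settings, not values taken from this thread.

```powershell
# Added example: audit the current user's Internet zone (zone 3) against the
# six settings recommended in the post. Nothing is written to the registry.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action number, wanted value, and the label used in the Security Settings dialog.
$Recommended = @(
    [pscustomobject]@{ Action = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' }
    [pscustomobject]@{ Action = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' }
    [pscustomobject]@{ Action = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' }
    [pscustomobject]@{ Action = '1800'; Want = 1; Setting = 'Installation of desktop items' }
    [pscustomobject]@{ Action = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' }
    [pscustomobject]@{ Action = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

function Compare-ZoneSettings {
    param($Actual, $Recommended)
    foreach ($r in $Recommended) {
        # A missing value (or a missing key) is reported as 'not set', never as a match.
        $have = $null
        if ($Actual -and $Actual.PSObject.Properties[$r.Action]) {
            $have = [int]$Actual.PSObject.Properties[$r.Action].Value
        }
        if ($null -eq $have)                 { $shown = 'not set' }
        elseif ($Meaning.ContainsKey($have)) { $shown = $Meaning[$have] }
        else                                 { $shown = "other ($have)" }

        [pscustomobject]@{
            Action  = $r.Action
            Setting = $r.Setting
            Current = $shown
            Wanted  = $Meaning[$r.Want]
            Matches = ($have -eq $r.Want)
        }
    }
}

$actual = Get-ItemProperty -Path $ZoneKey -ErrorAction SilentlyContinue
Compare-ZoneSettings -Actual $actual -Recommended $Recommended | Format-Table -AutoSize
```

This reads only the per-user values; settings enforced through policy are stored elsewhere and are not covered by this check.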

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 03 July 2008 - 05:40 PM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



