Trojan won't go away!
I have a trojan collected 11B that continues to persist even though I have healed it many times. What can I do to get rid of this and all its pop ups?
TIA
TIA
0
Comments
* Click here to download HijackThis.exe
* Save HijackThis.exe to your desktop.
* Create a new folder named HijackThis to your desktop. Move Hijackthis.exe into that folder.
* Then rename HijackThis.exe to Scanner.exe
* Run Scanner.exe
* Click on the Do a system scan and save a log file -button. It will scan and then ask you to save the log.
* Click Save to save the log file and then the log will open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
* Come back here to this thread and Paste the log in your next reply.
* DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Logfile of HijackThis v1.99.1
Scan saved at 8:05:32 PM, on 4/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Joi Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8777;http=localhost:8777;https=localhost:8777
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .lio: c:\PROGRA~1\INTERN~1\plugins\Npmad32l.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Arcsoft Web Uploader - http://www.hpphoto.com/downloads/ReadFileApplet.cab
O16 - DPF: Dialpad US Java Applet - http://dialpad.com/applet/src/vscp.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt0_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt0_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt0_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt0_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://204.168.68.163/pfr/tdserver.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - https://tasktypes.com/winscribe/Setup/Typist/setup.exe
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126139634203
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v41/wordcube/wordcube.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d2c89f68a1bb5a/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7783A65D-275D-42FB-8CBF-722E42003FB6} (WPActiveX Control) - http://207.44.141.108/wp/wpax.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - https://tasktypes.com/winscribe/setup/typist/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cmmonline.emc.uq.edu.au/activex/AxisCamControl.ocx
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{A79A9517-A06B-4AED-A6DA-A9985824258A}: Domain = HughesNet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A79A9517-A06B-4AED-A6DA-A9985824258A}: NameServer = 66.82.4.8,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD75744B-6243-419B-90DD-B16BE33E15CC}: Domain = HughesNet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD75744B-6243-419B-90DD-B16BE33E15CC}: NameServer = 66.82.4.8
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
C:\vundofix.txt:
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 12:16:16 AM 4/16/2007
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\fpygffav.dll
C:\WINDOWS\system32\kmllm.bak1
C:\WINDOWS\system32\kmllm.bak2
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\SYSTEM32\ocxiyjml.dll
C:\WINDOWS\SYSTEM32\pwkkqhau.dll
C:\WINDOWS\SYSTEM32\tgefwumc.dll
C:\WINDOWS\SYSTEM32\uahqkkwp.ini
C:\WINDOWS\SYSTEM32\ujyqwqpr.exe
C:\WINDOWS\SYSTEM32\uowygwuv.dll
C:\WINDOWS\SYSTEM32\uxlteoha.dll
C:\WINDOWS\SYSTEM32\yayabyw.dll
C:\WINDOWS\SYSTEM32\ysxssjkl.dll
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\fpygffav.dll
C:\WINDOWS\SYSTEM32\fpygffav.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kmllm.bak1
C:\WINDOWS\system32\kmllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kmllm.bak2
C:\WINDOWS\system32\kmllm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\mllmk.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\ocxiyjml.dll
C:\WINDOWS\SYSTEM32\ocxiyjml.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\pwkkqhau.dll
C:\WINDOWS\SYSTEM32\pwkkqhau.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\tgefwumc.dll
C:\WINDOWS\SYSTEM32\tgefwumc.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\uahqkkwp.ini
C:\WINDOWS\SYSTEM32\uahqkkwp.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\ujyqwqpr.exe
C:\WINDOWS\SYSTEM32\ujyqwqpr.exe Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\uowygwuv.dll
C:\WINDOWS\SYSTEM32\uowygwuv.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\uxlteoha.dll
C:\WINDOWS\SYSTEM32\uxlteoha.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\yayabyw.dll
C:\WINDOWS\SYSTEM32\yayabyw.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\ysxssjkl.dll
C:\WINDOWS\SYSTEM32\ysxssjkl.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 12:38:28 AM 4/16/2007
Listing files found while scanning....
After Running VundoFix Hijack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:43:31 AM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\VundoFix.exe
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Joi Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8777;http=localhost:8777;https=localhost:8777
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1173DAEC-A7F7-4B0C-BD77-1EF36F5F35A9} - (no file)
O2 - BHO: (no name) - {1423C399-E8AA-4C86-B109-84B023FD8329} - (no file)
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {42C4876B-3099-4D82-841C-DA45E4ED435C} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\yayabyw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B1F1B9C7-4195-472D-920A-DC578AE358B0} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {B7265E1F-BAB7-4609-BBBA-B74BD09D9EE1} - (no file)
O2 - BHO: (no name) - {CD5A1D64-BD27-4DB2-AB85-FF3FE51B90E2} - (no file)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .lio: c:\PROGRA~1\INTERN~1\plugins\Npmad32l.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Arcsoft Web Uploader - http://www.hpphoto.com/downloads/ReadFileApplet.cab
O16 - DPF: Dialpad US Java Applet - http://dialpad.com/applet/src/vscp.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt0_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt0_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt0_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt0_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://204.168.68.163/pfr/tdserver.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - https://tasktypes.com/winscribe/Setup/Typist/setup.exe
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126139634203
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v41/wordcube/wordcube.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d2c89f68a1bb5a/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7783A65D-275D-42FB-8CBF-722E42003FB6} (WPActiveX Control) - http://207.44.141.108/wp/wpax.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - https://tasktypes.com/winscribe/setup/typist/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cmmonline.emc.uq.edu.au/activex/AxisCamControl.ocx
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{A79A9517-A06B-4AED-A6DA-A9985824258A}: Domain = HughesNet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A79A9517-A06B-4AED-A6DA-A9985824258A}: NameServer = 66.82.4.8,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD75744B-6243-419B-90DD-B16BE33E15CC}: Domain = HughesNet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD75744B-6243-419B-90DD-B16BE33E15CC}: NameServer = 66.82.4.8
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: pmnnk - C:\WINDOWS\
O20 - Winlogon Notify: vtstu - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Please rename HijackThis.exe to Scanner.exe
Please download AVG anti-spyware to your Desktop or to your usual Download Folder, from HERE
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update succesfull message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG.AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Don't run a scan yet.
Open HijackThis, press do a system scan only, checkmark these lines:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {1173DAEC-A7F7-4B0C-BD77-1EF36F5F35A9} - (no file)
O2 - BHO: (no name) - {1423C399-E8AA-4C86-B109-84B023FD8329} - (no file)
O2 - BHO: (no name) - {42C4876B-3099-4D82-841C-DA45E4ED435C} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\yayabyw.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B1F1B9C7-4195-472D-920A-DC578AE358B0} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {B7265E1F-BAB7-4609-BBBA-B74BD09D9EE1} - (no file)
O2 - BHO: (no name) - {CD5A1D64-BD27-4DB2-AB85-FF3FE51B90E2} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: pmnnk - C:\WINDOWS\
O20 - Winlogon Notify: vtstu - C:\WINDOWS\
Next, close all window and press Fix checked.
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Once in Safe Mode:RUN AVG ANTI-SPYWARE
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All checkboxes should be ticked.
- Under Possibly unwanted software:
- All checkboxes should be ticked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Select Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Please Update your Java and Remove old Java Versions
- Download the latest version of Java Runtime Environment (JRE) 6u1 .<== scroll down the list to find THIS entry
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Remove older Java Versions:- Close any programs you may have running - especially your web browser.
- Go to Start >> Control Panel double-click on Add/Remove Programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
Install latest Java Version:- From your desktop, double-click on jre-6-windows-i586.exe to install the newest version.
Post a fresh HijackThis log and AVG Anti-Spyware report.HijackThis log file:
Logfile of HijackThis v1.99.1
Scan saved at 10:07:29 PM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Joi Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8777;http=localhost:8777;https=localhost:8777
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .lio: c:\PROGRA~1\INTERN~1\plugins\Npmad32l.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Arcsoft Web Uploader - http://www.hpphoto.com/downloads/ReadFileApplet.cab
O16 - DPF: Dialpad US Java Applet - http://dialpad.com/applet/src/vscp.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt0_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt0_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt0_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt0_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://204.168.68.163/pfr/tdserver.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - https://tasktypes.com/winscribe/Setup/Typist/setup.exe
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126139634203
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v41/wordcube/wordcube.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d2c89f68a1bb5a/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7783A65D-275D-42FB-8CBF-722E42003FB6} (WPActiveX Control) - http://207.44.141.108/wp/wpax.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - https://tasktypes.com/winscribe/setup/typist/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cmmonline.emc.uq.edu.au/activex/AxisCamControl.ocx
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{A79A9517-A06B-4AED-A6DA-A9985824258A}: Domain = HughesNet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A79A9517-A06B-4AED-A6DA-A9985824258A}: NameServer = 66.82.4.8,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD75744B-6243-419B-90DD-B16BE33E15CC}: Domain = HughesNet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD75744B-6243-419B-90DD-B16BE33E15CC}: NameServer = 66.82.4.8
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
AVG Anti-Spyware log:
AVG Anti-Spyware - Scan Report
+ Created at: 8:42:26 PM 4/16/2007
+ Scan result:
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1943\A0516353.exe -> Adware.IGetNet : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{68FF9E0F-2E96-4467-87FA-1A8B9734C7E7} -> Adware.SpyBlocs : Cleaned.
C:\Documents and Settings\Owner\My Documents\incredimail_install.exe -> Not-A-Virus.Downloader.Win32.ImLoader.c : Ignored.
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1943\A0518393.exe -> Not-A-Virus.Downloader.Win32.ImLoader.c : Ignored.
C:\Program Files\Doctor Alex\Undo\owner247realmedia1.zip/owner@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\owner2o71.zip/owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Doctor Alex\Undo\owner2o710.zip/owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Doctor Alex\Undo\owner2o711.zip/owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Doctor Alex\Undo\owner2o712.zip/owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Doctor Alex\Undo\owner2o72.zip/owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Doctor Alex\Undo\owner7search2.zip/owner@7search[2].txt -> TrackingCookie.7search : Cleaned.
C:\Program Files\Doctor Alex\Undo\owner7search20.zip/owner@7search[2].txt -> TrackingCookie.7search : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradtech2.zip/owner@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.23:C:\Documents and Settings\Robin's College Acct\Application Data\Mozilla\Profiles\default\fuzxaao4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Robin's College Acct\Application Data\Mozilla\Profiles\default\fuzxaao4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Robin's College Acct\Application Data\Mozilla\Profiles\default\fuzxaao4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Robin's College Acct\Application Data\Mozilla\Profiles\default\fuzxaao4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\Documents and Settings\Robin's College Acct\Application Data\Mozilla\Profiles\default\fuzxaao4.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising1.zip/owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising10.zip/owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising11.zip/owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising12.zip/owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising13.zip/owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising14.zip/owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising15.zip/owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising16.zip/owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising2.zip/owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising20.zip/owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising21.zip/owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising22.zip/owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising23.zip/owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising24.zip/owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising25.zip/owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising26.zip/owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising27.zip/owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising28.zip/owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising29.zip/owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneradvertising3.zip/owner@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\Documents and Settings\Robin's College Acct\Application Data\Mozilla\Profiles\default\fuzxaao4.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt1.zip/owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt10.zip/owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt11.zip/owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt2.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt20.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt21.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt210.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt211.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt212.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt213.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt214.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt215.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt22.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt23.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt24.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt25.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt26.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt27.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt28.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt29.zip/owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt3.zip/owner@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt30.zip/owner@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt31.zip/owner@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneratdmt32.zip/owner@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerbfast1.zip/owner@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerbfast2.zip/owner@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerbfast20.zip/owner@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerbfast21.zip/owner@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerciti.zip/owner@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerciti0.zip/owner@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerciti1.zip/owner@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia1.zip/owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia10.zip/owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia11.zip/owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia12.zip/owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia13.zip/owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia2.zip/owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia20.zip/owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia21.zip/owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia22.zip/owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia23.zip/owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia24.zip/owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia25.zip/owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia26.zip/owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia27.zip/owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia28.zip/owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia29.zip/owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia3.zip/owner@casalemedia[3].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercasalemedia30.zip/owner@casalemedia[3].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerclickbank1.zip/owner@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercom1.zip/owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercom10.zip/owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercom11.zip/owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercom12.zip/owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercom13.zip/owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercom14.zip/owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownercom2.zip/owner@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdata.zip/owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdata0.zip/owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdata1.zip/owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdata2.zip/owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerstat.zip/owner@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.22:C:\Documents and Settings\Robin's College Acct\Application Data\Mozilla\Profiles\default\fuzxaao4.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick1.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick10.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick11.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick110.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick111.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick112.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick113.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick12.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick13.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick14.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick15.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick16.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick17.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick18.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick19.zip/owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick2.zip/owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick20.zip/owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick21.zip/owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick22.zip/owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick23.zip/owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick24.zip/owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick25.zip/owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerdoubleclick26.zip/owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneras-us.zip/owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneras-us0.zip/owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.28:C:\Documents and Settings\Robin's College Acct\Application Data\Mozilla\Profiles\default\fuzxaao4.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.29:C:\Documents and Settings\Robin's College Acct\Application Data\Mozilla\Profiles\default\fuzxaao4.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Robin's College Acct\Application Data\Mozilla\Profiles\default\fuzxaao4.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Robin's College Acct\Application Data\Mozilla\Profiles\default\fuzxaao4.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick1.zip/owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick10.zip/owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick11.zip/owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick12.zip/owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick13.zip/owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick2.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick20.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick21.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick210.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick22.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick23.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick24.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick25.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick26.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick27.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick28.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick29.zip/owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfastclick3.zip/owner@fastclick[3].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfindwhat1.zip/owner@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerfortunecity2.zip/owner@fortunecity[2].txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-maniatv.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerhitbox2.zip/owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerhotlog1.zip/owner@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex1.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex10.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex11.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex110.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex111.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex112.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex12.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex13.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex14.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex15.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex16.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex17.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex18.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex19.zip/owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex2.zip/owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownermediaplex20.zip/owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerqksrv2.zip/owner@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerqksrv20.zip/owner@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerqksrv21.zip/owner@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerquestionmarket1.zip/owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerquestionmarket10.zip/owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerquestionmarket11.zip/owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerquestionmarket12.zip/owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerquestionmarket2.zip/owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerquestionmarket20.zip/owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerquestionmarket21.zip/owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerquestionmarket22.zip/owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerquestionmarket23.zip/owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerquestionmarket24.zip/owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerquestionmarket25.zip/owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerquestionmarket26.zip/owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerquestionmarket27.zip/owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerquestionmarket28.zip/owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerrealmedia1.zip/owner@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerweb4.zip/owner@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.43:C:\Documents and Settings\Robin's College Acct\Application Data\Mozilla\Profiles\default\fuzxaao4.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.44:C:\Documents and Settings\Robin's College Acct\Application Data\Mozilla\Profiles\default\fuzxaao4.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Doctor Alex\Undo\owneredge.zip/owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerbs.zip/owner@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerserving-sys1.zip/owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerserving-sys10.zip/owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerserving-sys11.zip/owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerserving-sys12.zip/owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerserving-sys13.zip/owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerserving-sys2.zip/owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerserving-sys20.zip/owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerserving-sys21.zip/owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerspecificclick1.zip/owner@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerspylog1.zip/owner@spylog[1].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerstatcounter1.zip/owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerstatcounter10.zip/owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerstatcounter11.zip/owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerstatcounter2.zip/owner@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerstatcounter20.zip/owner@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerstatcounter21.zip/owner@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertacoda1.zip/owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertradedoubler1.zip/owner@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertradedoubler10.zip/owner@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertradedoubler11.zip/owner@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertradedoubler12.zip/owner@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertradedoubler13.zip/owner@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertradedoubler14.zip/owner@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertradedoubler2.zip/owner@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertradedoubler20.zip/owner@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp1.zip/owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp10.zip/owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp11.zip/owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp12.zip/owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp13.zip/owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp14.zip/owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp2.zip/owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp20.zip/owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp21.zip/owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp210.zip/owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp22.zip/owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp23.zip/owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp24.zip/owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp25.zip/owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp26.zip/owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp27.zip/owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp28.zip/owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp29.zip/owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp3.zip/owner@trafficmp[3].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertrafficmp30.zip/owner@trafficmp[3].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion1.zip/owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion10.zip/owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion11.zip/owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion12.zip/owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion13.zip/owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion14.zip/owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion15.zip/owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion2.zip/owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion20.zip/owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion21.zip/owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion22.zip/owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion23.zip/owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion24.zip/owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion25.zip/owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion26.zip/owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion3.zip/owner@tribalfusion[3].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownertribalfusion30.zip/owner@tribalfusion[3].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownervalueclick1.zip/owner@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownervalueclick2.zip/owner@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownervalueclick20.zip/owner@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownervalueclick21.zip/owner@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownervalueclick3.zip/owner@valueclick[3].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerstatse.zip/owner@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerad.zip/owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerzedo1.zip/owner@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerzedo10.zip/owner@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerzedo11.zip/owner@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerzedo2.zip/owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerzedo20.zip/owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerzedo21.zip/owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerzedo22.zip/owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerzedo23.zip/owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerzedo24.zip/owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerzedo25.zip/owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerzedo26.zip/owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Doctor Alex\Undo\ownerzedo27.zip/owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Doctor Alex\Undo\VSAdd-in.zip/VSAdd-in.dll -> Trojan.Agent.acl : Cleaned.
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1943\A0516251.exe -> Trojan.Obfuscated.en : Cleaned.
::Report end
Change HijackThis.exe name to Scanner.exe
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
If you use Firefox browserUnder Main choose: Select All
Click the Empty Selected button.
- Click Firefox at the top and choose: Select All
If you use Opera browserClick the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- Click Opera at the top and choose: Select All
Click Exit on the Main menu to close the program.Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Post a fresh HijackThis log
NEW Log File: Logfile of HijackThis v1.99.1 Scan saved at 12:24:58 PM, on 4/17/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\Olympus\DeviceDetector\DM1Service.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\unzipped\hijackthis\Scanner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Joi Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8777;http=localhost:8777;https=localhost:8777 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll O12 - Plugin for .lio: c:\PROGRA~1\INTERN~1\plugins\Npmad32l.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Arcsoft Web Uploader - http://www.hpphoto.com/downloads/ReadFileApplet.cab O16 - DPF: Dialpad US Java Applet - http://dialpad.com/applet/src/vscp.cab O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5.yahoo.com/c381/chat.cab O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt0_x.cab O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt0_x.cab O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt0_x.cab O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt0_x.cab O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt0_x.cab O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft0_x.cab O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://204.168.68.163/pfr/tdserver.cab O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - https://tasktypes.com/winscribe/Setup/Typist/setup.exe O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126139634203 O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v41/wordcube/wordcube.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d2c89f68a1bb5a/housecall.antivirus.com/housecall/xscan53.cab O16 - DPF: {7783A65D-275D-42FB-8CBF-722E42003FB6} (WPActiveX Control) - http://207.44.141.108/wp/wpax.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - https://tasktypes.com/winscribe/setup/typist/isetup.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cmmonline.emc.uq.edu.au/activex/AxisCamControl.ocx O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CCS\Services\Tcpip\..\{A79A9517-A06B-4AED-A6DA-A9985824258A}: Domain = HughesNet.com O17 - HKLM\System\CCS\Services\Tcpip\..\{A79A9517-A06B-4AED-A6DA-A9985824258A}: NameServer = 66.82.4.8,192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{DD75744B-6243-419B-90DD-B16BE33E15CC}: Domain = HughesNet.com O17 - HKLM\System\CCS\Services\Tcpip\..\{DD75744B-6243-419B-90DD-B16BE33E15CC}: NameServer = 66.82.4.8 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe THANKS!
Press Start->Run, type this in the white box notepad, when the notepad is open, press Edit->Wordwrap, and sure that Wordwrap is not to mark.
Then post a fresh HijackThis log
New New Log File
Logfile of HijackThis v1.99.1
Scan saved at 4:07:38 PM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\WinScribe\wsiTypist.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\unzipped\hijackthis\Scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Joi Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8777;http=localhost:8777;https=localhost:8777
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .lio: c:\PROGRA~1\INTERN~1\plugins\Npmad32l.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Arcsoft Web Uploader - http://www.hpphoto.com/downloads/ReadFileApplet.cab
O16 - DPF: Dialpad US Java Applet - http://dialpad.com/applet/src/vscp.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt0_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt0_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt0_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt0_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://204.168.68.163/pfr/tdserver.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - https://tasktypes.com/winscribe/Setup/Typist/setup.exe
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126139634203
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v41/wordcube/wordcube.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d2c89f68a1bb5a/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7783A65D-275D-42FB-8CBF-722E42003FB6} (WPActiveX Control) - http://207.44.141.108/wp/wpax.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - https://tasktypes.com/winscribe/setup/typist/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cmmonline.emc.uq.edu.au/activex/AxisCamControl.ocx
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{A79A9517-A06B-4AED-A6DA-A9985824258A}: Domain = HughesNet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A79A9517-A06B-4AED-A6DA-A9985824258A}: NameServer = 66.82.4.8,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD75744B-6243-419B-90DD-B16BE33E15CC}: Domain = HughesNet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD75744B-6243-419B-90DD-B16BE33E15CC}: NameServer = 66.82.4.8
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
HijackThis log looks good
Clean your System Restore:
Turn off System Restore.
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab
Check Turn off System Restore
Click Apply, and then click OK
Reboot.
Turn on System Restore.
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab
Uncheck Turn off System Restore
Click Apply, and then click OK
Now, everything is good