Not sure my machine is clean (with log)

I started getting an IE pop up to an ad site when starting up firefox (I think that's what caused it). I've run Adaware, Spybot, superantispyware, and an AVG virus scan. I'm hoping that it is clean now, but I don't know for sure. Here is a log that I hope someone can take a look at for me. There are a couple of items that still look suspicious to me.

Thanks!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:08:06 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\hijack\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Jeff and Brenda's Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = www.reprokopia.se:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0309638F-93F8-44D3-84CF-240EB1AB7F1F} - C:\WINDOWS\system32\vturpoo.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {AC8549AD-E530-4A06-AA06-04A5931604D5} - C:\WINDOWS\system32\dbkxgjwc.dll
O2 - BHO: (no name) - {E7DFD95A-3400-4D31-95DF-87880F7AC392} - C:\WINDOWS\system32\pmnlm.dll
O2 - BHO: (no name) - {E84A503B-4DF0-4C6E-8FB6-EC500E958134} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: World Community Grid Agent.lnk = C:\Program Files\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: SWF To Video Scout - {78612F04-8640-465E-BF05-05FB653AD2E6} - C:\Program Files\SWF To Video Scout\flashextract.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.moveon.org
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://firepass.ksdot.org/vdesk/ter...5500,0,50923,1
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120527060796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1121745426931
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/...lowActiveX.CAB
O16 - DPF: {E10C53CE-D6AF-11D5-98F2-005004054266} (eGPS Class) - http://www.lostoutdoors.com/controls/eGPS.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\system32\pmnlm.dll
O20 - Winlogon Notify: vturpoo - C:\WINDOWS\SYSTEM32\vturpoo.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Jeff/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 11093 bytes

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 11:23:13 PM 4/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\ifxfifgy.dll
C:\WINDOWS\system32\lmjecjay.dll
C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\pmnlm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ifxfifgy.dll
C:\WINDOWS\system32\ifxfifgy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lmjecjay.dll
C:\WINDOWS\system32\lmjecjay.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pmnlm.dll Has been deleted!

Performing Repairs to the registry.
Done!




Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:57:13 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijack\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Jeff and Brenda's Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = www.reprokopia.se:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0309638F-93F8-44D3-84CF-240EB1AB7F1F} - C:\WINDOWS\system32\vturpoo.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: World Community Grid Agent.lnk = C:\Program Files\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: SWF To Video Scout - {78612F04-8640-465E-BF05-05FB653AD2E6} - C:\Program Files\SWF To Video Scout\flashextract.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.moveon.org
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://firepass.ksdot.org/vdesk/ter...5500,0,50923,1
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120527060796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1121745426931
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/...lowActiveX.CAB
O16 - DPF: {E10C53CE-D6AF-11D5-98F2-005004054266} (eGPS Class) - http://www.lostoutdoors.com/controls/eGPS.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vturpoo - C:\WINDOWS\SYSTEM32\vturpoo.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Jeff/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 9672 bytes

HIDDEN FILES: To make sure you can see any and all hidden files, please follow the directions here



Submit the following file(s) to VirusTotal for their immediate evaluation and feedback. Use any of the following methods, as appropriate:

• Locate FULL FILE PATH if not apparent. Use Start (BUTTON)>Search, [WINDOWS+F] keys, or F3 key.
• Copy & Paste the FULL FILE PATH in the input BOX
  -- OR --
• Navigate to the file in question.

Post those results in your next reply:

C:\WINDOWS\system32\vturpoo.dll





Your system has an outdated version of Sun Java that could create serious security exposure issues for your PC.

Update your Java.

Older JAVA versions have vulnerabilities that malware can and are using to infect systems.

Please follow these steps to remove older version Java components.

• Close any programs you may have running, ESPECIALLY your web browser
• Click Start > Control Panel.
• Click Add/Remove Programs.
• Check any item with Java Runtime Environment (JRE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove all versions of Java.
• Reboot your computer once all Java components are removed.

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 11 or higher, and install it to your computer.


New Version should show as (HijackThis log):

C:\Program Files\Java\jre1.5.0_11\… or higher

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Here's the virustotal scan. Will post hjt log soon.

Complete scanning result of "vturpoo.dll", received in VirusTotal at 04.20.2007, 02:23:11 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.19.1 04.19.2007 no virus found
AntiVir 7.3.1.53 04.19.2007 ADSPY/Virtumonde.IH.2
Authentium 4.93.8 04.20.2007 no virus found
Avast 4.7.981.0 04.19.2007 no virus found
AVG 7.5.0.464 04.19.2007 no virus found
BitDefender 7.2 04.20.2007 MemScan:Trojan.Vundo.DLM
CAT-QuickHeal 9.00 04.19.2007 Adware.Virtumonde.gen
ClamAV devel-20070416 04.19.2007 Trojan.Packed-7
DrWeb 4.33 04.19.2007 Trojan.Virtumod
eSafe 7.0.15.0 04.19.2007 no virus found
eTrust-Vet 30.7.3579 04.19.2007 Win32/Chisyne!generic
Ewido 4.0 04.19.2007 Adware.Virtumonde
FileAdvisor 1 04.20.2007 High threat detected
Fortinet 2.85.0.0 04.19.2007 Adware/VirtuMonde
F-Prot 4.3.2.48 04.18.2007 no virus found
F-Secure 6.70.13030.0 04.20.2007 Vundo.gen17
Ikarus T3.1.1.5 04.19.2007 not-a-virus:AdWare.Win32.Virtumonde.bq
Kaspersky 4.0.2.24 04.20.2007 not-a-virus:AdWare.Win32.Virtumonde.ih
McAfee 5013 04.19.2007 no virus found
Microsoft 1.2405 04.20.2007 no virus found
NOD32v2 2205 04.19.2007 no virus found
Norman 5.80.02 04.19.2007 Vundo.gen17
Panda 9.0.0.4 04.19.2007 Spyware/Virtumonde
Prevx1 V2 04.20.2007 SpywareQuake
Sophos 4.16.0 04.17.2007 no virus found
Sunbelt 2.2.907.0 04.19.2007 VIPRE.Suspicious
Symantec 10 04.20.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.19.2007 Trojan.Virtumod
VirusBuster 4.3.7:9 04.19.2007 Adware.Vundo.Gen!Pac.8
Webwasher-Gateway 6.0.1 04.19.2007 Ad-Spyware.Virtumonde.IH.2

Aditional Information
File size: 26694 bytes
MD5: 6d99e7b9f72d254d41058d4b74bfa2da
SHA1: f055d94cd94efa3f6159ca2b9df1aca57eb986bc
Bit9 info: http://fileadvisor.bit9.com/services...058d4b74bfa2da
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=75c389476087
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Here's the Hijack Log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:37:25 PM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WorldCommunityGrid\UD.EXE
C:\hijack\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Jeff and Brenda's Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = www.reprokopia.se:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0309638F-93F8-44D3-84CF-240EB1AB7F1F} - C:\WINDOWS\system32\vturpoo.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\mrrsdilu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AC8549AD-E530-4A06-AA06-04A5931604D5} - C:\WINDOWS\system32\rcekcnvr.dll
O2 - BHO: (no name) - {BB2DA497-FD03-49E2-9D74-8216247F6E25} - C:\WINDOWS\system32\ddabx.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: World Community Grid Agent.lnk = C:\Program Files\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: SWF To Video Scout - {78612F04-8640-465E-BF05-05FB653AD2E6} - C:\Program Files\SWF To Video Scout\flashextract.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.moveon.org
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://firepass.ksdot.org/vdesk/ter...5500,0,50923,1
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120527060796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1121745426931
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/...lowActiveX.CAB
O16 - DPF: {E10C53CE-D6AF-11D5-98F2-005004054266} (eGPS Class) - http://www.lostoutdoors.com/controls/eGPS.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vturpoo - C:\WINDOWS\SYSTEM32\vturpoo.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Jeff/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 10245 bytes

You have a new resistant file(s) that we need to upload to the maker of the Vundofix. This could help others and us greatly. After you do this we will safely remove this infection.
This will only take a few minutes of your time.

• Please go to this Site.
• Fill out the form
• Where it says Topic where file was requested paste this link in:
  
  Not sure my machine is clean (with log)
  
• Where it says browse paste these in the spaces provided .
  
  
  
  C:\WINDOWS\system32\vturpoo.dll
  C:\WINDOWS\system32\mrrsdilu.dll
  C:\WINDOWS\system32\rcekcnvr.dll
  
  
• Then click send

Thanks - now let's get rid of it.
-------------------------------

Use this tool for Vundo if you don't already have it. You can delete any others you have tried.

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once the scan is complete, Right Click inside the listbox (white box) and click add more files
• Copy&Paste the 2 entries below into the top 2 boxes
  
  • C:\WINDOWS\system32\vturpoo.dll
  • C:\WINDOWS\system32\mrrsdilu.dll
• Click Add Files and Click Close Window
• Click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will shutdown your computer, click OK.
• Turn your computer back on.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log.

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

The files have been submitted.


Scan started at 9:30:39 PM 4/19/2007

Listing files found while scanning....

C:\WINDOWS\system32\focvangf.dll
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\wqrmwqqd.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\focvangf.dll
C:\WINDOWS\system32\focvangf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mlljk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mrrsdilu.dll
C:\WINDOWS\system32\mrrsdilu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturpoo.dll
C:\WINDOWS\system32\vturpoo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wqrmwqqd.dll
C:\WINDOWS\system32\wqrmwqqd.dll Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:42:58 PM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijack\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Jeff and Brenda's Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = www.reprokopia.se:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: GoodSearch Toolbar - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\PROGRA~1\GOODSE~1\GOODSE~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: World Community Grid Agent.lnk = C:\Program Files\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: SWF To Video Scout - {78612F04-8640-465E-BF05-05FB653AD2E6} - C:\Program Files\SWF To Video Scout\flashextract.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.moveon.org
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://firepass.ksdot.org/vdesk/ter...5500,0,50923,1
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120527060796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1121745426931
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/...lowActiveX.CAB
O16 - DPF: {E10C53CE-D6AF-11D5-98F2-005004054266} (eGPS Class) - http://www.lostoutdoors.com/controls/eGPS.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Jeff/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 9650 bytes

While your HijackThis log appears to be clear, let us know if your PC now appears to be behaving well again.



It would not hurt to run the following scan for added assurances - a lack of symptoms does not necessarily guarantee anything:


Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.

• Install AVG Anti-Spyware by double clicking the installer.
• Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
• On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Click on Change state next to Automatic updates. It should now change to inactive.
  • Next to the words Last Update, click on Update now. (You will need an active internet connection to perform this)
  • Wait until you see the Update successful message.
  • Click on Scanner on the toolbar at top of this screen.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Close AVG Anti-Spyware without running yet.

Now disable (turn off AVG Anti-Spyware)

• Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
• Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.

• If the computer is running, shut down Windows, and then turn off the power.
• Wait 30 seconds, and then turn the computer on.
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
• Ensure that the Safe Mode option is selected.
• Press Enter. The computer then begins to start in Safe mode.
• Login on your usual account.

______________________________


Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Note: If AVG Anti-Spyware screen does not fit your monitor screen Hold down the Alt button on keyboard then tap spacebar, menu should pop up then choose maximize. AVG Anti-Spyware screen should now fit to the screen a lot better.

• Click on the Scan tab.
• Click on Complete System Scan to start the scan process.
• Let the program scan the machine.
• When the scan has finished, follow the instructions below.

IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.

• Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
• At the bottom of the window click on the Apply all Actions button.(3)

• When done, click the Save Scan Report button. (4)
  • Click the Save Report as button.
  • Save the report to your Desktop. I will need you to post this in your next reply.
• Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot in Normal Mode.

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

For some reason it looks like our little Virtumonde didn't stay gone. I haven't done anything on my computer since we worked on it the other day.

Here is the AVG Anti-Spyware log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:15:39 AM 4/21/2007

+ Scan result:



C:\Documents and Settings\All Users\Documents\Dell Backup\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F5E7AA1C-750B-4EDE-A05C-75444EE5FE82}\RP692\A0080883.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\vturpoo.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\khffcbc.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rqrqqqp.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wvututu.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Jeff\Local Settings\Temp\rnvevsjh.dll -> Logger.VBStat.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Jeff\Local Settings\Temp\rrdwwqfg.dll -> Logger.VBStat.h : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\Dell Backup\Documents and Settings\Jeff\My Documents\My Downloads\extractions\MATH - Mathtype 5.2+Keygen(1).zip/Mathtype 5.2+Keygen.exe -> Not-A-Virus.BadJoke.Win32.Irritan.a : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\Dell Backup\Documents and Settings\Jeff\My Documents\My Downloads\extractions\Mathtype 5.2\Mathtype 5.2+Keygen.exe -> Not-A-Virus.BadJoke.Win32.Irritan.a : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\Dell Backup\My Documents\My Downloads\extractions\MATH - Mathtype 5.2+Keygen(1).zip/Mathtype 5.2+Keygen.exe -> Not-A-Virus.BadJoke.Win32.Irritan.a : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\Dell Backup\My Documents\My Downloads\extractions\Mathtype 5.2\Mathtype 5.2+Keygen.exe -> Not-A-Virus.BadJoke.Win32.Irritan.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Jeff\My Documents\My Downloads\extractions\MATH - Mathtype 5.2+Keygen(1).zip/Mathtype 5.2+Keygen.exe -> Not-A-Virus.BadJoke.Win32.Irritan.a : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\xx9qv8d0.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.95:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.96:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc632.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jeff\Cookies\jeff@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.110:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.111:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.112:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.746:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.747:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.55:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\xx9qv8d0.default\coo kies.txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\Documents and Settings\Brenda\Cookies\brenda@www.adobe[2].txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.13:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\xx9qv8d0.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\xx9qv8d0.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\xx9qv8d0.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.16:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\xx9qv8d0.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\xx9qv8d0.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Jeff\Cookies\jeff@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\xx9qv8d0.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc559.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\Documents and Settings\Brenda\Cookies\brenda@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc566.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jeff\Cookies\jeff@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jeff\Cookies\jeff@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Brenda\Cookies\brenda@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Jeff\Cookies\jeff@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc533.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc534.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc577.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc739.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc740.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc741.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc742.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc743.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jeff\Cookies\jeff@ehg-maniatv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jeff\Cookies\jeff@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.331:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.332:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.52:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\xx9qv8d0.default\coo kies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.53:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\xx9qv8d0.default\coo kies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.751:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc608.txt -> TrackingCookie.Intelli-direct : Cleaned.
C:\Documents and Settings\Jeff\Cookies\jeff@search.live[2].txt -> TrackingCookie.Live : Cleaned.
:mozilla.752:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.753:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.756:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.757:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.12:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\xx9qv8d0.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Brenda\Cookies\brenda@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Jeff\Cookies\jeff@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\Documents and Settings\Brenda\Cookies\brenda@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\Documents and Settings\Brenda\Local Settings\Temp\Cookies\brenda@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\Documents and Settings\Diana\Cookies\diana@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Brenda\Cookies\brenda@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Diana\Cookies\diana@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\Documents and Settings\Brenda\Cookies\brenda@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Jeff\Cookies\jeff@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.487:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.488:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.489:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.495:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc725.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Jeff\Cookies\system@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.517:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.518:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.519:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Jeff\Cookies\jeff@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc595.txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc656.txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc542.txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc728.txt -> TrackingCookie.Realcastmedia : Cleaned.
:mozilla.530:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.531:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.532:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.533:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.534:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.535:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.536:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.251:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.252:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.894:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.895:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.896:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.113:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.114:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.115:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.577:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc540.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.597:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.598:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.646:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.647:C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\ssfj4usu.default\coo kies.txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\Documents and Settings\Jeff\Cookies\jeff@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc625.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Brenda\Cookies\brenda@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Jeff\Cookies\jeff@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.29:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\xx9qv8d0.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc538.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\All Users\Documents\Dell Backup\RECYCLER\S-1-5-21-1858025970-572454927-963639892-1006\Dc529.txt -> TrackingCookie.Zedo : Cleaned.


::Report end