Numbers.exe

#1 (permalink)
08-04-2009, 12:41 AM
jrivera121887 (Newbie)
Join Date: Apr 2009
Posts: 10
Numbers.exe

I caught some type of virus within the past couple of days. My computer creates and tries to execute some random numbers.exe files (for example 1732872744.exe). Also, it keeps setting my web browser to not show pictures. It's becoming a real pain in the butt. Here's my hijack this log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:35 PM, on 4/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WMP54GX.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {17D15EAB-C766-4615-9F23-A5A6999300A0} - c:\windows\system32\gcfdoqo.dll
O2 - BHO: C:\WINDOWS\system32\sdfadccddkn93.dll - {D5BF49A0-94F3-52BD-F434-3604812C8955} - C:\WINDOWS\system32\sdfadccddkn93.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Otonevanuzafavi] rundll32.exe "C:\WINDOWS\uxolimarigaf.dll",e
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ccApp] -
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\JJ01F6~1\LOCALS~1\Temp\1732872744.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Gold 17\Remind.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31A8068E-5C15-402F-81C0-04C7D2D66CE6} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JS...ws-i586-jc.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - Imikimi.com - Customizable Comments, Images, Animations, Photos, Frames and Graphics for MySpace, Hi5, Orkut, Friendster and Facebook.
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/d...h.1.0.0.93.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O20 - Winlogon Notify: mrjfswwp - C:\WINDOWS\SYSTEM32\gcfdoqo.dll
O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O22 - SharedTaskScheduler: lkjf9873jhifjnsfi8w3fe - {D5BF49A0-94F3-52BD-F434-3604812C8955} - C:\WINDOWS\system32\sdfadccddkn93.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WMP54GX4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe

--
End of file - 11967 bytes


Any help is appreciated. Thank you.
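The log in the post above can be triaged mechanically before any removal tool is run. The following Python sketch is an added example, not part of the original post and not HijackThis's own logic: it parses the `O<n> - ...` entry lines and applies three heuristics chosen here as assumptions (an autostart target under a Temp directory, the `DisableRegedit` policy, and one DLL registered at several load points), using a constructed sample of lines copied from the log with the forum's stray spaces removed.

```python
import re
from collections import defaultdict
from ntpath import basename, splitext  # Windows path rules on any OS

# Constructed sample: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {17D15EAB-C766-4615-9F23-A5A6999300A0} - c:\windows\system32\gcfdoqo.dll
O2 - BHO: C:\WINDOWS\system32\sdfadccddkn93.dll - {D5BF49A0-94F3-52BD-F434-3604812C8955} - C:\WINDOWS\system32\sdfadccddkn93.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Otonevanuzafavi] rundll32.exe "C:\WINDOWS\uxolimarigaf.dll",e
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\JJ01F6~1\LOCALS~1\Temp\1732872744.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: mrjfswwp - C:\WINDOWS\SYSTEM32\gcfdoqo.dll
O22 - SharedTaskScheduler: lkjf9873jhifjnsfi8w3fe - {D5BF49A0-94F3-52BD-F434-3604812C8955} - C:\WINDOWS\system32\sdfadccddkn93.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] path"
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# Drive-letter path ending in .exe/.dll; may contain spaces, never quotes.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll)\b', re.IGNORECASE)
# Assumption: sections treated here as places where a DLL gets loaded at
# logon or into Explorer/IE (BHO, Run, Winlogon Notify, SSODL, SharedTaskScheduler).
LOAD_POINTS = {"O2", "O4", "O20", "O21", "O22"}


def parse(log_text):
    """Yield (section, body, [paths]) for every HijackThis entry line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section, body = m.groups()
            yield section, body, PATH_RE.findall(body)


def triage(log_text):
    """Return a list of (rule, section, detail) findings for review."""
    findings = []
    seen = defaultdict(set)  # lower-cased DLL path -> sections that load it
    for section, body, paths in parse(log_text):
        for path in paths:
            low = path.lower()
            if section in LOAD_POINTS and low.endswith(".dll"):
                seen[low].add(section)
            # Heuristic 1: Run entry pointing into a Temp directory; an
            # all-digit file name matches the symptom described in the post.
            if section == "O4" and "\\temp\\" in low:
                stem = splitext(basename(low))[0]
                rule = ("numeric-exe-autostart-from-temp" if stem.isdigit()
                        else "autostart-from-temp")
                findings.append((rule, section, path))
        # Heuristic 2: policy that blocks Registry Editor for the user.
        if section == "O7" and "disableregedit=1" in body.lower().replace(" ", ""):
            findings.append(("regedit-disabled-by-policy", section, body))
    # Heuristic 3: the same DLL wired into more than one load point.
    for low, sections in sorted(seen.items()):
        if len(sections) > 1:
            where = "+".join(sorted(sections, key=lambda s: int(s[1:])))
            findings.append(("dll-at-multiple-load-points", where, low))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The output is a review list, not a verdict: `uxolimarigaf.dll` in the sample trips none of the three rules, so unflagged entries still need a manual look.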
#2 (permalink)
08-04-2009, 01:58 AM
broni (Senior Member)
Join Date: Nov 2004
Posts: 2,272
Re: Numbers.exe

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

STEP 1. Download SUPERAntiSpyware Free for Home Users:
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under Configuration and Preferences, click the Preferences button.
* Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.

* Click the Close button to leave the control center screen.
* Back on the main screen, under Scan for Harmful Software click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.

* Click Close to exit the program.
Post SUPERAntiSpyware log.
NOTE: Tracking cookies may be omitted from the log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3. Download GMER: GMER - Rootkit Detector and Remover - Files, by clicking on Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.14966
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

RESTART COMPUTER

STEP 4.
Post fresh HijackThis log.
Do NOT attempt to "fix" anything!


DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
#3 (permalink)
08-04-2009, 11:06 PM
jrivera121887 (Newbie)
Join Date: Apr 2009
Posts: 10
Re: Numbers.exe

Thanks for the reply. Here is all the information you requested.

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!


Generated 04/08/2009 at 04:04 AM

Application Version : 4.26.1000

Core Rules Database Version : 3834
Trace Rules Database Version: 1790

Scan type : Complete Scan
Total Scan Time : 04:23:59

Memory items scanned : 250
Memory threats detected : 2
Registry items scanned : 6081
Registry threats detected : 27
File items scanned : 150914
File threats detected : 612

Adware.Vundo/Variant-Joke
C:\WINDOWS\SYSTEM32\GCFDOQO.DLL
C:\WINDOWS\SYSTEM32\GCFDOQO.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17D15EAB-C766-4615-9F23-A5A6999300A0}
HKCR\CLSID\{17D15EAB-C766-4615-9F23-A5A6999300A0}
HKCR\CLSID\{17D15EAB-C766-4615-9F23-A5A6999300A0}
HKCR\CLSID\{17D15EAB-C766-4615-9F23-A5A6999300A0}#Version
HKCR\CLSID\{17D15EAB-C766-4615-9F23-A5A6999300A0}#Flags
HKCR\CLSID\{17D15EAB-C766-4615-9F23-A5A6999300A0}\InprocServer32
HKCR\CLSID\{17D15EAB-C766-4615-9F23-A5A6999300A0}\InprocServer32#ThreadingModel
HKCR\CLSID\{17D15EAB-C766-4615-9F23-A5A6999300A0}\ProgID
HKCR\Fyqwifxt
HKCR\Fyqwifxt#TimeStamp
HKCR\Fyqwifxt\CLSID
HKU\S-1-5-21-3979081457-22037321-1631463600-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{17D15EAB-C766-4615-9F23-A5A6999300A0}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mrjfswwp

Trojan.Smitfraud Variant-Gen/Bensorty
C:\WINDOWS\SYSTEM32\SDFADCCDDKN93.DLL
C:\WINDOWS\SYSTEM32\SDFADCCDDKN93.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5BF49A0-94F3-52BD-F434-3604812C8955}
HKCR\CLSID\{D5BF49A0-94F3-52BD-F434-3604812C8955}
HKCR\CLSID\{D5BF49A0-94F3-52BD-F434-3604812C8955}
HKCR\CLSID\{D5BF49A0-94F3-52BD-F434-3604812C8955}#ThreadingModel
HKCR\CLSID\{D5BF49A0-94F3-52BD-F434-3604812C8955}\InProcServer32
HKCR\CLSID\{D5BF49A0-94F3-52BD-F434-3604812C8955}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{D5BF49A0-94F3-52BD-F434-3604812C8955}
HKU\S-1-5-21-3979081457-22037321-1631463600-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5BF49A0-94F3-52BD-F434-3604812C8955}

Adware.MyWebSearch
HKU\S-1-5-21-3979081457-22037321-1631463600-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-21-3979081457-22037321-1631463600-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Adware.HotBar/ShopperReports (Low Risk)
HKU\S-1-5-21-3979081457-22037321-1631463600-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

Trojan.Media-Codec
HKU\S-1-5-21-3979081457-22037321-1631463600-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84938242-5C5B-4A55-B6B9-A1507543B418}

Adware.Zango/ShoppingReport
HKU\S-1-5-21-3979081457-22037321-1631463600-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
HKU\S-1-5-21-3979081457-22037321-1631463600-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}

Adware.Tracking Cookie
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@content.yieldmanager[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@content.yieldmanager[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@crackle[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@crackle[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@dc.tremormedia[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@dealtime[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@divavillage.advertserve[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@dl2.ads2media[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@dmtracker[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@dynamic.media.adrevolver[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@eaeacom.112.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@edge.ru4[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@enhance[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@exitexchange[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@exitexchange[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@eyewonder[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@ez-tracks[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@factorycard.122.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@female.thedailymodel[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@findcostume[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@findyouradmirer[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@freecodesource.advertserve[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@gettyimages.122.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@gettyimages.122.2o7[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@go.globaladsales[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@googleadservices[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@hookedmediagroup[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@hypertracker[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@iacas.adbureau[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@iacas.adbureau[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@ice.112.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@image.masterstats[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@imediablast[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@imediablast[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@imrworldwide[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@imrworldwide[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@incentaclick[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@insightexpressai[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@insightexpressai[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@insightexpresserdd[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@interclick[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@invitemedia[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@journalregistercompany.122 .2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@kontera[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@kontera[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@login.tracking101[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@lotsofads.smilingtraffic[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@marketlive.122.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@maxis.112.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@media.adrevolver[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@media.adrevolver[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@media.mtvnservices[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@media.mtvnservices[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@media.ntsserve[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@media.ntsserve[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@media.photobucket[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@media.photobucket[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@media6degrees[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@media6degrees[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@media6degrees[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@mediaonenetwork[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@mediatakeout[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@mobileentertainment.direct track[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@myroitracking[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@myroitracking[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@mywebpower[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@network.realmedia[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@network.realmedia[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@nextag[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@nielsen.112.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@nielsen.112.2o7[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@oasn04.247realmedia[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@onlinerewardcenter[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@optimize.indieclick[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@overture[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@overture[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@partner2profit[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@perf.overture[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@perf.overture[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@precisionclick[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@pro-market[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@prospect.adbureau[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@qksrv[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@qnsr[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@questionmarket[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@realmedia[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@realmedia[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@reduxads.valuead[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@revenue[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@revsci[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@revsci[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@richmedia.yahoo[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@richmedia.yahoo[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@rm.yieldmanager[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@rm.yieldmanager[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@roiservice[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@rotator.adjuggler[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@rotator.adjuggler[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@rotator.adjuggler[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@sales.liveperson[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@sales.liveperson[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@sales.liveperson[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@sales.liveperson[4].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@scanner.malware-scan[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@servedby.adxpower[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@server2.mediatakeout[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@serw.clicksor[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@shopit.112.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@silo.thefind[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@snagajob.122.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@socialmedia[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@socialmedia[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@socialmedia[4].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@soundclick[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@specificclick[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@specificmedia[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@stat.dealtime[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@stat.onestat[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@statcounter[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@stateofgeorgia.122.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@stats.gamestop[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@tacoda[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@tds.clickproc[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@teenhollywood[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@test.koadserver[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@thefind[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@tjx.112.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@toseeka[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@track.trackads[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@tracking.foxnews[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@tracking.keywordmax[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@traffic.buyservices[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@trafficdashboard[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@trafficmp[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@trafficmp[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@travidia.112.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@tribalfusion[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@tripod[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@v7.stats.load[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@viacom.adbureau[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@viacom.adbureau[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@viacom.adbureau[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@viamtvcom.112.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@viamtvnvideo.112.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@videoegg.adbureau[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@wachovia.112.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@warnerbros.112.2o7[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@web4.realtracker[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@windowsmedia[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.argomedia.lasik[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.burstbeacon[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.burstbeacon[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.burstnet[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.burstnet[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.burstnet[3].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.clickmanage[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.clickxchange[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.cpctrack[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.ez-tracks[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.findstuff[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.gmbtrack[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.googleadservices[10].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.googleadservices[11].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.googleadservices[5].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.googleadservices[9].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.incentaclick[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.pro-advertise[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www.tltrack[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www2.addfreestats[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www3.addfreestats[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www7.addfreestats[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@www8.addfreestats[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@xiti[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@yadro[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@yieldmanager[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@yieldmanager[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@youporn[2].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@zedo[1].txt
C:\Documents and Settings\Jazzy Jazz\Cookies\jazzy_jazz@zillow.adbureau[1].txt
C:\Documents and Settings\Josh\Cookies\josh@247realmedia[2].txt
C:\Documents and Settings\Josh\Cookies\josh@2o7[1].txt
C:\Documents and Settings\Josh\Cookies\josh@2o7[2].txt
C:\Documents and Settings\Josh\Cookies\josh@a.websponsors[2].txt
C:\Documents and Settings\Josh\Cookies\josh@ad2.doublepimp[1].txt
C:\Documents and Settings\Josh\Cookies\josh@adfi.adbureau[2].txt
C:\Documents and Settings\Josh\Cookies\josh@adopt.euroclick[1].txt
C:\Documents and Settings\Josh\Cookies\josh@adopt.specificclick[2].txt
C:\Documents and Settings\Josh\Cookies\josh@ads-dev.youporn[2].txt
C:\Documents and Settings\Josh\Cookies\josh@ads.adultswim[1].txt
C:\Documents and Settings\Josh\Cookies\josh@ads.bridgetrack[1].txt
C:\Documents and Settings\Josh\Cookies\josh@ads.pointroll[1].txt
C:\Documents and Settings\Josh\Cookies\josh@ads.realtechnetwork[1].txt
C:\Documents and Settings\Josh\Cookies\josh@ads.realtechnetwork[4].txt
C:\Documents and Settings\Josh\Cookies\josh@ads.widgetbucks[1].txt
C:\Documents and Settings\Josh\Cookies\josh@adserver.adreactor[1].txt
C:\Documents and Settings\Josh\Cookies\josh@adserver.adtechus[1].txt
C:\Documents and Settings\Josh\Cookies\josh@adultswim[2].txt
C:\Documents and Settings\Josh\Cookies\josh@ar.atwola[2].txt
C:\Documents and Settings\Josh\Cookies\josh@at.atwola[1].txt
C:\Documents and Settings\Josh\Cookies\josh@at.atwola[3].txt
C:\Documents and Settings\Josh\Cookies\josh@atwola[1].txt
C:\Documents and Settings\Josh\Cookies\josh@azjmp[2].txt
C:\Documents and Settings\Josh\Cookies\josh@bravenet[1].txt
C:\Documents and Settings\Josh\Cookies\josh@cdn.at.atwola[2].txt
C:\Documents and Settings\Josh\Cookies\josh@clickaider[1].txt
C:\Documents and Settings\Josh\Cookies\josh@collective-media[1].txt
C:\Documents and Settings\Josh\Cookies\josh@collective-media[3].txt
C:\Documents and Settings\Josh\Cookies\josh@googleadservices[1].txt
C:\Documents and Settings\Josh\Cookies\josh@indexstats[2].txt
C:\Documents and Settings\Josh\Cookies\josh@indextools[2].txt
C:\Documents and Settings\Josh\Cookies\josh@insightexpressai[2].txt
C:\Documents and Settings\Josh\Cookies\josh@insightexpressai[3].txt
C:\Documents and Settings\Josh\Cookies\josh@interclick[1].txt
C:\Documents and Settings\Josh\Cookies\josh@media6degrees[1].txt
C:\Documents and Settings\Josh\Cookies\josh@media6degrees[2].txt
C:\Documents and Settings\Josh\Cookies\josh@overture[1].txt
C:\Documents and Settings\Josh\Cookies\josh@overture[3].txt
C:\Documents and Settings\Josh\Cookies\josh@partners.tattomedia[2].txt
C:\Documents and Settings\Josh\Cookies\josh@perf.overture[1].txt
C:\Documents and Settings\Josh\Cookies\josh@pornotube[2].txt
C:\Documents and Settings\Josh\Cookies\josh@precisionclick[1].txt
C:\Documents and Settings\Josh\Cookies\josh@prospect.adbureau[1].txt
C:\Documents and Settings\Josh\Cookies\josh@questionmarket[1].txt
C:\Documents and Settings\Josh\Cookies\josh@realmedia[2].txt
C:\Documents and Settings\Josh\Cookies\josh@realmedia[3].txt
C:\Documents and Settings\Josh\Cookies\josh@richmedia.yahoo[1].txt
C:\Documents and Settings\Josh\Cookies\josh@richmedia.yahoo[2].txt
C:\Documents and Settings\Josh\Cookies\josh@rotator.adjuggler[1].txt
C:\Documents and Settings\Josh\Cookies\josh@rotator.adjuggler[2].txt
C:\Documents and Settings\Josh\Cookies\josh@serving-sys[2].txt
C:\Documents and Settings\Josh\Cookies\josh@socialmedia[1].txt
C:\Documents and Settings\Josh\Cookies\josh@soundclick[1].txt
C:\Documents and Settings\Josh\Cookies\josh@soundclick[3].txt
C:\Documents and Settings\Josh\Cookies\josh@specificmedia[1].txt
C:\Documents and Settings\Josh\Cookies\josh@specificmedia[2].txt
C:\Documents and Settings\Josh\Cookies\josh@trafficmp[2].txt
C:\Documents and Settings\Josh\Cookies\josh@tremor.adbureau[1].txt
C:\Documents and Settings\Josh\Cookies\josh@tribalfusion[1].txt
C:\Documents and Settings\Josh\Cookies\josh@viamtvcom.112.2o7[1].txt
C:\Documents and Settings\Josh\Cookies\josh@www.burstbeacon[1].txt
C:\Documents and Settings\Josh\Cookies\josh@www.burstbeacon[3].txt
C:\Documents and Settings\Josh\Cookies\josh@www.soundclick[1].txt
C:\Documents and Settings\Josh\Cookies\josh@www.soundclick[2].txt
C:\Documents and Settings\Josh\Cookies\josh@youporn.videobox[2].txt
C:\Documents and Settings\Josh\Cookies\josh@youporn[2].txt
C:\Documents and Settings\Josh\Cookies\josh@yourporn[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@2o7[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@a.findarticles[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@a1.interclick[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@ad.yieldmanager[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@adbrite[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@adbrite[3].txt
C:\Documents and Settings\Sharon\Cookies\sharon@adopt.euroclick[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@adopt.specificclick[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@adopt.specificclick[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@adrevolver[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@ads.bridgetrack[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@ads.pointroll[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@ads.realtechnetwork[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@ads.realtechnetwork[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@ads.realtechnetwork[3].txt
C:\Documents and Settings\Sharon\Cookies\sharon@ads.realtechnetwork[5].txt
C:\Documents and Settings\Sharon\Cookies\sharon@ads.widgetbucks[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@adserver.adtechus[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@adserving.contextua lmarketplace[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@apmebf[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@at.atwola[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@atwola[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@azjmp[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@bizrate[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@bs.serving-sys[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@bs.serving-sys[3].txt
C:\Documents and Settings\Sharon\Cookies\sharon@burstnet[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@burstnet[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@buzznet.112.2o7[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@cbsdigitalmedia.112 .2o7[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@chitika[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@collective-media[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@content.yieldmanage r.edgesuite[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@content.yieldmanage r[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@costumediscounters[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@dealtime[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@dealtime[3].txt
C:\Documents and Settings\Sharon\Cookies\sharon@directtrack[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@discountdance[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@dmtracker[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@dmtracker[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@dynamic.media.adrev olver[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@e-2dj6wjl4uoczibp.stats.esomniture[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@e-2dj6wjmiqhc5cgo.stats.esomniture[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@findarticles[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@findcostume[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@iacas.adbureau[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@imrworldwide[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@interclick[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@interclick[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@kaboose.112.2o7[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@kontera[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@kontera[3].txt
C:\Documents and Settings\Sharon\Cookies\sharon@link.mercent[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@media.adrevolver[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@media.adrevolver[3].txt
C:\Documents and Settings\Sharon\Cookies\sharon@media.adrevolver[5].txt
C:\Documents and Settings\Sharon\Cookies\sharon@media.mtvnservices[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@media.photobucket[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@media.photobucket[3].txt
C:\Documents and Settings\Sharon\Cookies\sharon@media6degrees[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@media6degrees[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@mobileentertainment .directtrack[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@myroitracking[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@newbankaccount[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@nextag[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@partner2profit[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@peoplefinders[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@precisionclick[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@publishers.clickboo th[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@questionmarket[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@realmedia[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@reunion.adbureau[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@richmedia.yahoo[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@rotator.adjuggler[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@sales.liveperson[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@sales.liveperson[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@sales.liveperson[3].txt
C:\Documents and Settings\Sharon\Cookies\sharon@sales.liveperson[4].txt
C:\Documents and Settings\Sharon\Cookies\sharon@samsclub.112.2o7[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@server.iad.livepers on[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@server.iad.livepers on[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@server.iad.livepers on[5].txt
C:\Documents and Settings\Sharon\Cookies\sharon@serving-sys[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@sexycostumesiren[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@shopping.112.2o7[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@silo.thefind[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@sitestat.mayoclinic[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@snagajob.122.2o7[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@socialmedia[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@specificmedia[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@stat.dealtime[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@stat.dealtime[3].txt
C:\Documents and Settings\Sharon\Cookies\sharon@supersweetsixteens[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@tacoda[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@teenvogue[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@thefind[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@thumbplay.112.2o7[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@track.bestbuy[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@tracking.dsmmadvant age[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@tracking.feedperfec t[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@tracking.foxnews[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@tracking.keywordmax[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@trafficmp[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@tribalfusion[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@valspar.112.2o7[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@valsparatlowes.112. 2o7[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@viacom.adbureau[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@viamtvcom.112.2o7[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@wachovia.112.2o7[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@web4.realtracker[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@webmd.122.2o7[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@webreports.digitali nsight[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@webventures.directt rack[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.burstbeacon[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.burstbeacon[3].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.burstnet[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.costumediscount ers[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.costumediscount ers[3].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.directnetadvert ising[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.directnetadvert ising[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.discountdance[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.googleadservice s[10].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.googleadservice s[11].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.googleadservice s[2].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.googleadservice s[3].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.googleadservice s[8].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.googleadservice s[9].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.myaccount.cingu lar[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.peoplefinders[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@www.socialtrack[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@xiti[1].txt
C:\Documents and Settings\Sharon\Cookies\sharon@zag.122.2o7[1].txt

Rogue.MSAntiSpyware2009
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd

Trojan.Agent/Gen-SmallDrop

Trojan.Downloader-Gen/Temp
C:\WINDOWS\TEMP\ZCT6B.EXE
C:\WINDOWS\Prefetch\ZCT6B.EXE-01E3144A.pf

Trace.Known Threat Sources



Malwarebytes' Anti-Malware 1.36
Database version: 1951
Windows 5.1.2600 Service Pack 2


4/8/2009 1:34:19 PM
mbam-log-2009-04-08 (13-34-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 255891
Time elapsed: 1 hour(s), 29 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 20
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\gcfdoqo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17d15eab-c766-4615-9f23-a5a6999300a0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mrjfswwp (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{17d15eab-c766-4615-9f23-a5a6999300a0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d5bf49a0-94f3-52bd-f434-3604812c8955} (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a0-94f3-52bd-f434-3604812c8955} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a0-94f3-52bd-f434-3604812c8955} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nqcctlfr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nqcctlfr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nqcctlfr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{17d15eab-c766-4615-9f23-a5a6999300a0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\otonevanuzafavi (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: pexmlmgf.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\gcfdoqo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\pexmlmgf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anchxgp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Temp\asdacdseefen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\uxolimarigaf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\J J\Local Settings\Temp\2188097311.exe (Trojan.Downloader) -> Delete on reboot.


GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-08 17:54:10
Windows 5.1.2600 Service Pack 2



---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB9ED10B0]
SSDT sptd.sys ZwEnumerateKey [0xB9ED684E]
SSDT sptd.sys ZwEnumerateValueKey [0xB9ED6BEE]
SSDT sptd.sys ZwOpenKey [0xB9ED1090]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xBA70E8AC]
SSDT sptd.sys ZwQueryKey [0xB9ED6CC6]
SSDT sptd.sys ZwQueryValueKey [0xB9ED6B46]
SSDT sptd.sys ZwSetValueKey [0xB9ED6D58]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xBA70E812]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D74 80503B48 4 Bytes CALL 4020F5BD
.text ntkrnlpa.exe!ZwCallbackReturn + 2F90 80503D64 4 Bytes CALL 947CF7D9
PAGE ntkrnlpa.exe!ObReferenceObjectByHandle + 44F 805BA365 7 Bytes JMP 8A09B008
? lsrfsmz.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B949D62C 5 Bytes JMP 89F81960

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ED1ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9ED1C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9ED1B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9ED272E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9ED2604] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----


AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs 898384C0
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{17D15EAB-C766-4615-9F23-A5A6999300A0}\ProgID@ Fyqwifxt
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer@ ole2disp.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ oleaut32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@InprocServer32 RUJ)90mKr=U,4osh]3I`PaintShopPhotoAlbum>M5KDYSUnf(HA*L[xeX)y?
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InProcServer32@ %SystemRoot%\system32\browseui.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32@ C:\WINDOWS\system32\msdxm.ocx
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\MiscStatus\1@ 131473
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\ProgID@ AMtoolbar.AMtoolbar.1
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\Version@ 1.0
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\VersionIndependentProgID@ AMtoolbar.AMtoolbar
Reg HKLM\SOFTWARE\Classes\CLSID\{D5BF49A0-94F3-52BD-F434-3604812C8955}\InProcServer32@ C:\WINDOWS\system32\sdfadccddkn93.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{D5BF49A0-94F3-52BD-F434-3604812C8955}\InProcServer32@ThreadingModel Apartment

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 8192/4096 bytes

---- EOF - GMER 1.0.15 ----



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:52 PM, on 4/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WMP54GX.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {17D15EAB-C766-4615-9F23-A5A6999300A0} - c:\windows\system32\gcfdoqo.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Gold 17\Remind.exe
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31A8068E-5C15-402F-81C0-04C7D2D66CE6} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JS...ws-i586-jc.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - Imikimi.com - Customizable Comments, Images, Animations, Photos, Frames and Graphics for MySpace, Hi5, Orkut, Friendster and Facebook.
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/d...h.1.0.0.93.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mrjfswwp - C:\WINDOWS\SYSTEM32\gcfdoqo.dll
O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WMP54GX4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe

--
End of file - 10988 bytes
  #4 (permalink)  
Old 09-04-2009, 01:25 AM
broni
Senior Member
 
Join Date: Nov 2004
Posts: 2,272
Re: Numbers.exe

*** You need to update Java:
Download Free Java Software - Sun Microsystems
JRE 6 Update 13
Uninstall all previous versions of Java through Add\Remove ("Programs and Features" in Vista).

Note
1. The Java Quick Starter (JQS.exe) adds an unnecessary startup service. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click OK and reboot your computer.
2. Make sure to uncheck the Yahoo! Toolbar box during the installation process.


1. Print this post out, since you won't have access to it at some point.

2. Close all windows, except for HijackThis.

3. Put a checkmark next to the following HijackThis entries:

- O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
- O2 - BHO: (no name) - {17D15EAB-C766-4615-9F23-A5A6999300A0} - c:\windows\system32\gcfdoqo.dll
- O4 - HKLM\..\Run: [ccApp] -
- O8 - Extra context menu item: &Search - ?p=ZJ
- O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
- O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing
- O20 - Winlogon Notify: mrjfswwp - C:\WINDOWS\SYSTEM32\gcfdoqo.dll
- O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - (no file)


4. Click on the Fix checked button.

5. Restart the computer in Safe Mode (keep tapping the F8 key when your computer starts, until the menu appears).

6. Open Windows Explorer. Go to Tools > Folder Options > View tab and put a checkmark next to Show hidden files and folders.

7. Delete the following files/folders (if present):

- gcfdoqo.dll file from c:\windows\system32

8. Restart in Normal Mode.

9. Post a new HijackThis log.
  #5 (permalink)  
Old 09-04-2009, 02:41 AM
Newbie
D-A-L Newbie
 
Join Date: Apr 2009
Posts: 10
jrivera121887 Is a beginner here at D-A-L
Re: Numbers.exe

Ok, I did exactly what you requested. However, I was not allowed to delete the gcfdoqo.dll file from the windows folder. It kept saying it was in use. Here's the new HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:18 PM, on 4/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}

\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-

LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier

.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with

SRX400\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with

SRX400\WMP54GX.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Window Title = Windows Internet Explorer

provided by Yahoo!
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-

11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {17D15EAB-C766-4615-9F23-

A5A6999300A0} - c:\windows\system32\gcfdoqo.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-

A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-

BC86-EABFE594F69C} - C:\Program Files\Java\jre6

\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-

B40E-20066696354B} - C:\Program Files\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-

9B18-009027A5CD4F} - C:\Program Files\Google\Google

Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI

Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1

\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program

Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-

4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program

Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-

4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell

Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3

\DLCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32

\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier

.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program

Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program

Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"

AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk =

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program

Files\PrintMaster Gold 17\Remind.exe
O8 - Extra context menu item: Add to Google Photos

Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel

- res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200

-58CAB36FD2A2} - C:\Program Files\Spybot - Search &

Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy

Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7

-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E

-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E}

(System Requirements Lab) -

http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

(Installation Support) - C:\Program Files\Yahoo!

\Common\Yinsthelper.dll
O16 - DPF: {31A8068E-5C15-402F-81C0-04C7D2D66CE6}

(NlsComm Component Class) -

http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -

http://www.fileplanet.com/fpdlmgr/ca...C_2.3.6.108.ca

b
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A}

(GameLauncher Control) -

http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java

Runtime Environment 1.6.0) - http://dl8-cdn-

09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-

windows-i586-jc.cab?

e=1239239893241&h=44f1459db1f2c0c10b61d669ef3d4fb7/&file

name=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557}

(CSolidBrowserObj Object) -

http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}

(Virtools WebPlayer Class) -

http://a532.g.akamai.net/f/532/6712/...yer.virtools.c

om/downloads/player/Install3.0/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8}

(Virtools WebPlayer Class) -

http://a532.g.akamai.net/f/532/6712/...tools.download

.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} -

Imikimi.com - Customizable Comments, Images, Animations, Photos, Frames and Graphics for MySpace, Hi5, Orkut, Friendster and Facebook.
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6}

(CPlayFirstDinerDashControl Object) -

http://www.playfirst.com/play/game/d...sh/DinerDash.1

.0.0.93.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mrjfswwp - C:\WINDOWS\SYSTEM32

\gcfdoqo.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) -

Lavasoft - C:\Program Files\Lavasoft\Ad-

Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) -

America Online, Inc. - C:\PROGRA~1\COMMON~1

\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. -

C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) -

Ares Development Group - C:\Program

Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -

C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec

Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. -

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -

Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access -

Creative Technology Ltd - C:\WINDOWS\system32

\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google -

C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter

(JavaQuickStarterService) - Sun Microsystems, Inc. -

C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation -

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}

\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service

(navapsvc) - Symantec Corporation - C:\Program

Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R)

Corporation - C:\Program

Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service

(NPFMntor) - Symantec Corporation - C:\Program

Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service

(NSCService) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\Security

Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec

Corporation - C:\Program Files\Norton

AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\CCPD-

LC\symlcsvc.exe
O23 - Service: WMP54GX4SVC - GEMTEKS - C:\Program

Files\Linksys Wireless-G PCI Adapter with SRX400

\WLService.exe

--
End of file - 10712 bytes
  #6 (permalink)  
Old 09-04-2009, 02:50 AM
broni
Senior Member
 
Join Date: Nov 2004
Posts: 2,272
Re: Numbers.exe

Quote:
I was not allowed to delete the gcfdoqo.dll file from the windows folder. It kept saying it was in use.
Was it done in Safe Mode?

If so....
Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window:
  • Click Start to begin the update

Note: If you receive an error message, choose a different source, then click Start again
  • After the update, from the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach the compressed file, virusinfo_syscheck.zip, to your next reply.
  #7 (permalink)  
Old 09-04-2009, 02:52 AM
broni
Senior Member
 
Join Date: Nov 2004
Posts: 2,272
Re: Numbers.exe

Oh, next time you post an HJT log, make sure the "word wrap" in Notepad is disabled. Otherwise the log is hard to read.
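The entry list in post #4 and the word-wrap remark in post #7 both come down to reading the log line by line, which the sketch below does in code. It is an added example, not part of any post and not HijackThis's own logic: the sample is an excerpt in the wrapped shape of the post #5 log, and the rejoin heuristic and the two flagging rules (a "(no file)" target, one file registered under more than one section) are assumptions chosen to match the entries picked in post #4.

```python
import re
from collections import defaultdict

# Excerpt in the word-wrapped shape of the log in post #5, including the blank
# lines that separate the fragments in the thread.
WRAPPED_LOG = r"""
Running processes:
C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-

11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {17D15EAB-C766-4615-9F23-

A5A6999300A0} - c:\windows\system32\gcfdoqo.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-

A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32

\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mrjfswwp - C:\WINDOWS\SYSTEM32

\gcfdoqo.dll
"""

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")  # section code
PROC_RE = re.compile(r"^[A-Za-z]:\\")                           # process path
# Entries of the form "... - <file>": a drive path or a missing-file marker.
TARGET_RE = re.compile(r" - ([A-Za-z]:\\.+|\(no file\)|\(file missing\))$")


def unwrap(text):
    """Rejoin word-wrapped fragments into one string per log line."""
    lines, state = [], "header"
    for raw in text.splitlines():
        frag = raw.strip()
        if not frag:
            continue
        if frag == "Running processes:":
            state, new = "procs", True
        elif ENTRY_RE.match(frag):
            state, new = "entries", True
        elif frag == "--" or frag.startswith("End of file"):
            state, new = "header", True
        else:
            # In the process list a drive letter starts a new line; in the
            # entry list only a section code does, so anything else continues.
            new = state == "header" or (state == "procs" and bool(PROC_RE.match(frag)))
        if new or not lines:
            lines.append(frag)
            continue
        prev = lines[-1]
        # Heuristic: the wrap fell inside a token if the previous fragment ends
        # in a hyphenated word or this one starts with '\', '.' or '-'.
        # Wrapped URLs can still be rejoined with a stray space.
        glue = "" if re.search(r"\S-$", prev) or frag[0] in "\\.-" else " "
        lines[-1] = prev + glue + frag
    return lines


def triage(lines):
    """Return (entries with a missing target, files registered in >1 section)."""
    by_file, orphans = defaultdict(set), []
    for line in lines:
        code, target = ENTRY_RE.match(line), TARGET_RE.search(line)
        if not (code and target):
            continue
        if target.group(1).startswith("("):
            orphans.append(line)
        else:
            # Windows paths are case-insensitive, so compare lower-cased.
            by_file[target.group(1).lower()].add(code.group(1))
    multi = {f: sorted(c) for f, c in by_file.items() if len(c) > 1}
    return orphans, multi


if __name__ == "__main__":
    orphans, multi = triage(unwrap(WRAPPED_LOG))
    for line in orphans:
        print("missing target:", line)
    for path, codes in multi.items():
        print("multiple load points:", path, codes)
```

Toolbars and security products also register one DLL in two sections, so the second rule gives an analyst a lead to check, not a verdict.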
  #8 (permalink)  
Old 09-04-2009, 03:04 AM
Newbie
D-A-L Newbie
 
Join Date: Apr 2009
Posts: 10
jrivera121887 Is a beginner here at D-A-L
Re: Numbers.exe

Yes, I was in safe mode when I tried to delete that file. Here is the AVZ4 compressed file. Also, sorry for the word wrap thing in notepad. lol
Attached Files
File Type: zip virusinfo_syscheck.zip (29.7 KB, 2 views)
  #9 (permalink)  
Old 09-04-2009, 03:24 AM
broni
Senior Member
 
Join Date: Nov 2004
Posts: 2,272
Re: Numbers.exe

1. Go to Add\Remove, and uninstall RegistryPowerCleaner (if present).

2.
  • Close all windows then double click on AVZ.exe
  • Click File > Custom scripts
  • Running script window will open
  • Copy & paste the contents of the following codebox in the Running script window

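    Code:
    begin
      // Enable AVZGuard and neutralise rootkit hooks before cleaning
      SetAVZGuardStatus(True);
      SearchRootkit(true, true);
      // Remove the BHO registration that loads gcfdoqo.dll
      DelBHO('{17D15EAB-C766-4615-9F23-A5A6999300A0}');
      // Stop and unregister the ksfzszxh service
      StopService('ksfzszxh');
      DeleteService('ksfzszxh');
      // Queue the files for deletion by Boot Cleaner at the next boot
      BC_DeleteFile('C:\WINDOWS\system32\drivers\ksfzszxh.sys');
      BC_DeleteFile('c:\windows\system32\gcfdoqo.dll');
      BC_DeleteFile('C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe');
      BC_ImportDeletedList;
      // Clean up leftover references, arm Boot Cleaner and reboot
      ExecuteSysClean;
      BC_Activate;
      RebootWindows(true);
    end.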
  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically, and post back with a new HijackThis log.
  #10 (permalink)  
Old 09-04-2009, 03:44 AM
Newbie
D-A-L Newbie
 
Join Date: Apr 2009
Posts: 10
jrivera121887 Is a beginner here at D-A-L
Re: Numbers.exe

Ok, I just did what you told me. Here's the latest HijackThis log file.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:04 PM, on 4/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WMP54GX.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {17D15EAB-C766-4615-9F23-A5A6999300A0} - c:\windows\system32\gcfdoqo.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Gold 17\Remind.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31A8068E-5C15-402F-81C0-04C7D2D66CE6} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSC...ws-i586-jc.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - Imikimi.com - Customizable Comments, Images, Animations, Photos, Frames and Graphics for MySpace, Hi5, Orkut, Friendster and Facebook.
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/d...h.1.0.0.93.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mrjfswwp - C:\WINDOWS\SYSTEM32\gcfdoqo.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WMP54GX4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Adapter with SRX400\WLService.exe

--
End of file - 10770 bytes