
HiJackThis log


14 replies to this topic

#1 AJP

AJP

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 24 March 2007 - 12:19 PM

Hello all. I seem to be having an odd problem (at least for me).

I'm using Internet Explorer, and every so often, after clicking a link, I get a WinAntiVirusPro pop up window that completely takes over my Internet Explorer. Click close, and it still asks. Finally, after closing about 5-7 windows, it's gone, but so is the original page I was trying to access it from.

Here is my log, I hope you can help!

Logfile of HijackThis v1.99.1
Scan saved at 1:08:28 PM, on 3/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Avram Peters\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.0.5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...876/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe



Egads, I just remembered something else that I should have mentioned...

Every so often my computer will just drag down to almost a snail's pace. I'll open the task manager, and it will take upwards of 2 minutes to open. Then, with the TM open, the computer will not go slow again. If I close the TM, it will slowly build up to the snail's pace yet again. Open it, wait two minutes for it to open, and voila, CPU is zero and the computer is fast again!

Any guidance would be appreciated!


#2 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 26 March 2007 - 09:31 PM

Hello and welcome to TomCoyote! My name is silver and I'm currently looking over your log. Please hold on while I research a fix for you.
ASAP & UNITE Member

#3 AJP

Posted 27 March 2007 - 09:52 PM

Thanks Silver, any help you can provide would be greatly appreciated!

#4 silver

Posted 28 March 2007 - 01:02 AM

Hi AJP,

Please save/print a copy of these instructions because we will be using Safe Mode during which time you won't have access to the internet.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • A log file will be created at C:\vundofix.txt, please post the contents of this in your next response.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Then, download, install, and update AVG Anti-Spyware 7.5
Download the installer from this page:
http://www.ewido.net/en/download/
  • Save the installer to desktop
  • Double click the installer, select your language, and then select OK
  • Click NEXT->Do or don't read the "User License Agreement"
    Select I Agree->NEXT->INSTALL
  • AVG will now install and afterwards click FINISH
  • Click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes the status bar at the bottom will display "Update successful"
  • Close AVG Anti-Spyware 7.5. Do not run a scan yet.
Reboot your computer into Safe Mode
To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads.
Select Safe Mode at the top, on the screen that appears.
Sign in with your normal user account

Once in safe mode:
  • Then run AVG Anti-Spyware 7.5 and click on the Scanner tab at the top
  • Click the Settings tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected and Un-check Only if Threats are found
  • Click back to the Scan tab and then click on Complete System Scan.
  • This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware 7.5 will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action.
  • Click the Apply all actions button. AVG Anti-Spyware 7.5 will display All actions have been applied on the right hand side.
  • Click on Save Report, then Save Report As. This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Now reboot your computer normally

Please make a new folder to put your HijackThis program file into. Anywhere on your hard drive is fine other than your Desktop or the Temp folder. We suggest you use something like C:\HJT. This is to ensure that HijackThis saves backups which can be recovered if needed.
  • Use Windows Explorer to make a new folder - navigate to C:\ and choose File->New->Folder and name it HJT
  • Right click on hijackthis.zip and select Extract all....
  • Extract all to the new folder C:\HJT
  • If you wish to have a shortcut on your desktop, navigate to C:\HJT, right-click hijackthis.exe and choose Send To->Desktop (create shortcut)
Now open HijackThis, select Open the Misc Tools section
Press the Open Uninstall Manager... button, then press Save list...
Save the Uninstall log to your desktop and include a copy in your next response.
Now press Back and Scan and then Save log to create and save a new HijackThis log.

Once complete, please post the contents of C:\vundofix.txt, the AVG Antispyware log and the uninstall list along with a new HijackThis log.

#5 AJP

Posted 28 March 2007 - 06:44 AM

Hello and thanks for your reply! I ran the VundoFix, but it didn't find any files to remove. Should I go ahead and continue with the instructions? Or is there something else that needs to be checked prior to running the AVG anti-spyware? Thanks again! AJP

#6 silver

Posted 28 March 2007 - 07:01 AM

That's OK, please continue with the instructions and we'll take it from there.

#7 AJP

Posted 28 March 2007 - 09:07 AM

Here is the uninstall list: Adobe Flash Player 9 ActiveX Adobe Reader 7.0.5 Language Support Adobe Reader 7.0.8 Adobe® Photoshop® Album Starter Edition 3.0 AVG Anti-Spyware 7.5 AVG Free Edition Brother MFL-Pro Suite DeLorme Street Atlas USA 2007 EVGA Display Driver HijackThis 1.99.1 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB909394) Hotfix for Windows XP (KB926239) Intel® Extreme Graphics 2 Driver Intel® PRO Network Adapters and Drivers Intel® PROSet J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 Java 2 Runtime Environment, SE v1.4.2_03 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft ActiveSync 4.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Professional Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable MSN Music Assistant MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 Parser and SDK OMCI PaperPort PowerDVD OD QuickTime Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP 
(KB913433) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929969) Sonic DLA Sonic RecordNow! 
Plus Sonic Update Manager SupportSoft Assisted Service Uniblue SpyEraser Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB929338) Update for Windows XP (KB931836) VideoLAN VLC media player 0.8.5 WD Diagnostics Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 10 Hotfix - KB894476 Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 XP Codec Pack

#8 AJP

Posted 28 March 2007 - 09:08 AM

AVG Anti-Spyware log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:53:33 AM 3/28/2007

+ Scan result:

C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@archant.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@bellglobemediapublishing.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@clubmom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@geosign.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@hearstmagazines.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@hertz.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@hollywoodentertainment.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Avram Peters\Cookies\avram peters@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@search.msn[1].txt -> TrackingCookie.Msn : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned. 
C:\Documents and Settings\Avram Peters\Cookies\avram peters@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@revenue[1].txt -> TrackingCookie.Revenue : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@revsci[1].txt -> TrackingCookie.Revsci : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@http-mw.edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned. 
C:\Documents and Settings\Avram Peters\Cookies\avram peters@spylog[1].txt -> TrackingCookie.Spylog : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@h.starware[1].txt -> TrackingCookie.Starware : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@try.starware[1].txt -> TrackingCookie.Starware : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned. C:\RECYCLER\S-1-5-21-2213940202-3882194109-319418948-1005\Dc4.txt -> TrackingCookie.Statcounter : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@a.total-media[2].txt -> TrackingCookie.Total-media : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@he.valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned. 
C:\Documents and Settings\Avram Peters\Cookies\avram peters@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\Avram Peters\Cookies\avram peters@zedo[2].txt -> TrackingCookie.Zedo : Cleaned. ::Report end

#9 AJP

Posted 28 March 2007 - 09:09 AM

Last, but not least, VundoFix log:

VundoFix V6.3.18
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 7:33:24 AM 3/28/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...

#10 AJP

Posted 28 March 2007 - 12:49 PM

OOPS! I just realized I forgot the HiJack This log... here it is...

Logfile of HijackThis v1.99.1
Scan saved at 1:44:41 PM, on 3/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Documents and Settings\Avram Peters\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Documents and Settings\Avram Peters\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Avram Peters\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.0.5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...876/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Avram Peters\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

#11 silver

Posted 29 March 2007 - 02:07 AM

Hi AJP,

OK we are making progress, next a couple more scans:

Please download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Post the log file in your next response.
It can be quite long, so please check once you have posted, and if the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Then download F-Secure Blacklight (blbeta.exe):
https://europe.f-sec...light/try.shtml
  • Click I ACCEPT and download the graphical user interface version to your Desktop
  • Double click the file to run it, choose I accept the agreement then press Scan
  • It will create the "fsbl-xxxxxxx.log" on your desktop.
  • The log will have a list of all items found.
  • Do not choose to rename any yet! I want to see the log first because legitimate items can also be present.
  • Exit Blacklight and post the contents of the log in your next reply.
Once complete, please post the WinPFind3u log, the Blacklight log and a new HijackThis log.

#12 AJP

Posted 29 March 2007 - 06:14 AM

Thanks Silver! Here are the three logfiles...

WinPFind3U:

WinPFind3 logfile created on: 3/29/2007 6:37:30 AM
WinPFind3U by OldTimer - Version 1.0.31 Folder = C:\Documents and Settings\Avram Peters\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

509 Mb Total Physical Memory | 301 Mb Available Physical Memory | 59.05% Memory free
1 Gb Paging File | 0 Gb Available in Paging File | 75.90% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74 Gb Total Space | 52 Gb Free Space | 70.80% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232 Gb Total Space | 228 Gb Free Space | 98.22% Space Free

Computer Name: DELL-HOME
Current User Name: Avram Peters
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 12:46:24 AM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 2/25/2007 4:51:38 AM | Attr = ]
avgas.exe -> %UserDesktop%\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 2/9/2007 9:10:52 AM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 11/24/2006 11:41:28 PM | Attr = ]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 6/23/2005 4:31:48 PM | Attr = ]
guard.exe -> %UserDesktop%\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 3:32:24 PM | Attr = ]
iap.exe -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 155648 bytes | Modified Date = 2/13/2004 10:47:02 AM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 3:36:20 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 4:23:28 AM | Attr = ]
pptd40nt.exe -> %ProgramFiles%\ScanSoft\PaperPort\pptd40nt.exe -> ScanSoft, Inc. [Ver = 9.0 | Size = 57393 bytes | Modified Date = 4/14/2004 2:46:50 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 9/10/2006 8:08:00 AM | Attr = ]
spyeraser.exe -> %ProgramFiles%\Uniblue\SpyEraser\SpyEraser.exe -> Uniblue Software [Ver = 1.2.1.1151 | Size = 1331712 bytes | Modified Date = 1/30/2007 11:12:40 AM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.31.0 | Size = 318464 bytes | Modified Date = 3/26/2007 8:04:38 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %UserDesktop%\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 9:13:20 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 2/25/2007 4:51:38 AM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 11/24/2006 11:41:28 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(Iap) Iap [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 155648 bytes | Modified Date = 2/13/2004 10:47:02 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 2:06:04 AM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 1:33:40 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %UserDesktop%\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 7:20:00 AM | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 12:46:24 AM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 2/9/2007 9:10:52 AM | Attr = ]
ControlCenter2.0 -> %ProgramFiles%\Brother\ControlCenter2\brctrcen.exe -> Brother Industries, Ltd. [Ver = 2, 0, 12, 4 | Size = 864256 bytes | Modified Date = 11/11/2004 10:00:04 PM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 6/23/2005 4:31:48 PM | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 3:32:24 PM | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 3:36:20 PM | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 94208 bytes | Modified Date = 9/20/2005 3:35:40 PM | Attr = ]
IndexSearch -> %ProgramFiles%\ScanSoft\PaperPort\IndexSearch.exe -> ScanSoft, Inc. [Ver = 9.0 | Size = 40960 bytes | Modified Date = 4/14/2004 3:04:12 PM | Attr = ]
PaperPort PTD -> %ProgramFiles%\ScanSoft\PaperPort\pptd40nt.exe -> ScanSoft, Inc. [Ver = 9.0 | Size = 57393 bytes | Modified Date = 4/14/2004 2:46:50 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 9/10/2006 8:08:00 AM | Attr = ]
SSBkgdUpdate -> %CommonProgramFiles%\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -> Scansoft, Inc. [Ver = 1, 0, 0, 6 | Size = 155648 bytes | Modified Date = 10/14/2003 10:22:30 AM | Attr = R ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 4:23:28 AM | Attr = ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.33b | Size = 110592 bytes | Modified Date = 1/7/2004 1:01:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Uniblue SpyEraser -> %ProgramFiles%\Uniblue\SpyEraser\SpyEraser.exe -> Uniblue Software [Ver = 1.2.1.1151 | Size = 1331712 bytes | Modified Date = 1/30/2007 11:12:40 AM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %UserDesktop%\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 9:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4396 | Size = 135168 bytes | Modified Date = 9/20/2005 3:31:28 PM | Attr = ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.dell.com ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> http://www.dell.com ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{0A87E45F-537A-40B4-B812-E2544C21A09F} [HKLM] -> %ProgramFiles%\SpyCatcher 2006\SCActiveBlock.dll [SpywareBlock Class] -> File not found
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 4:23:24 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 4:23:26 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 4:23:24 AM | Attr = ]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> Reg Data - Value does not exist [ButtonText: Create Mobile Favorite] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{3126B78D-C56E-45C0-B9D0-D561FF68B84B} -> (Windows Mobile-based Device) ->
{77E199C5-4077-4012-88D9-9B732D6608A0} -> (Intel® PRO/100 VE Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00000055-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.micros...cs/i386/fhg.CAB ->
{01A88BB1-1174-41EC-ACCB-963509EAE56B} -> SysProWmi Class - CodeBase = http://support.dell....iler/SysPro.CAB ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab ->
{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} -> DownloadManager Control - CodeBase = http://dlm.tools.aka...vex-2.2.0.5.cab ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.micros...ntent/opuc3.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.ma...ash/swflash.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcaf...876/mcfscan.cab ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534827008 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = HS]
HJT -> %SystemDrive%\HJT -> [Folder | Created Date = 3/28/2007 8:58:08 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 3/28/2007 6:33:24 AM | Attr = ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/18/2007 7:33:27 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 3/18/2007 7:35:47 PM | Attr = H ]
brmx2001.ini -> %SystemRoot%\brmx2001.ini -> [Ver = | Size = 51 bytes | Created Date = 3/28/2007 9:53:15 AM | Attr = ]
Intuit -> %SystemRoot%\Intuit -> [Folder | Created Date = 3/23/2007 6:47:11 AM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 3/28/2007 10:28:42 AM | Attr = ]
opt_2460.ini -> %SystemRoot%\opt_2460.ini -> [Ver = | Size = 40 bytes | Created Date = 3/28/2007 9:53:15 AM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 3/4/2007 8:22:43 PM | Attr = ]
Microsoft_Hardware_Launch_IType_exe.job -> %SystemRoot%\tasks\Microsoft_Hardware_Launch_IType_exe.job -> [Ver = | Size = 314 bytes | Created Date = 3/4/2007 4:38:33 PM | Attr = H ]
Uniblue SpyEraser.job -> %SystemRoot%\tasks\Uniblue SpyEraser.job -> [Ver = | Size = 352 bytes | Created Date = 3/21/2007 8:18:07 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 3/23/2007 6:41:26 AM | Attr = ]
archlib.dll -> %System32%\archlib.dll -> Tenebril Incorporated [Ver = 0, 0, 2, 2 | Size = 180224 bytes | Created Date = 3/21/2007 6:30:28 AM | Attr = S]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49248 bytes | Created Date = 2/28/2007 9:19:59 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 53346 bytes | Created Date = 2/28/2007 9:19:59 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 127078 bytes | Created Date = 2/28/2007 9:20:00 PM | Attr = ]
locate.com -> %System32%\locate.com -> [Ver = | Size = 11254 bytes | Created Date = 3/24/2007 12:45:29 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 3/23/2007 11:42:51 AM | Attr = ]
Ntrights.exe -> %System32%\Ntrights.exe -> [Ver = | Size = 39184 bytes | Created Date = 3/24/2007 12:45:29 PM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 3/24/2007 12:45:29 PM | Attr = ]
restart.exe -> %System32%\restart.exe -> WareSoft Software [Ver = 1.00 | Size = 16384 bytes | Created Date = 3/24/2007 12:45:29 PM | Attr = ]
strings.exe -> %System32%\strings.exe -> [Ver = | Size = 175616 bytes | Created Date = 3/24/2007 12:45:29 PM | Attr = ]
tenarchlib -> %System32%\tenarchlib -> [Folder | Created Date = 3/21/2007 6:30:29 AM | Attr = ]
zip.exe -> %System32%\zip.exe -> [Ver = | Size = 126976 bytes | Created Date = 3/24/2007 12:45:29 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/28/2007 7:17:12 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534827008 bytes | Modified Date = 3/28/2007 11:25:42 AM | Attr = HS]
HJT -> %SystemDrive%\HJT -> [Folder | Modified Date = 3/28/2007 1:44:42 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/23/2007 8:20:54 AM | Attr = R ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 3/23/2007 12:45:12 PM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 3/28/2007 7:33:26 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/28/2007 11:28:44 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 3/18/2007 8:32:18 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/18/2007 8:33:30 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 3/18/2007 8:35:48 PM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/28/2007 11:25:44 AM | Attr = S]
brdfxspd.dat -> %SystemRoot%\brdfxspd.dat -> [Ver = | Size = 0 bytes | Modified Date = 3/28/2007 10:54:24 AM | Attr = ]
brmx2001.ini -> %SystemRoot%\brmx2001.ini -> [Ver = | Size = 51 bytes | Modified Date = 3/28/2007 10:53:16 AM | Attr = ]
brpcfx.ini -> %SystemRoot%\brpcfx.ini -> [Ver = | Size = 152 bytes | Modified Date = 3/28/2007 10:53:30 AM | Attr = ]
Brpfx04a.ini -> %SystemRoot%\Brpfx04a.ini -> [Ver = | Size = 1137 bytes | Modified Date = 3/28/2007 10:54:40 AM | Attr = ]
brwmark.ini -> %SystemRoot%\brwmark.ini -> [Ver = | Size = 743 bytes | Modified Date = 3/28/2007 10:30:12 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3/21/2007 7:13:34 AM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 3/23/2007 8:20:54 AM | Attr = R S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 3/18/2007 8:33:44 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/28/2007 11:29:02 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/23/2007 7:47:14 AM | Attr = HS]
Intuit -> %SystemRoot%\Intuit -> [Folder | Modified Date = 3/23/2007 7:47:12 AM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 3/28/2007 11:28:44 AM | Attr = ]
opt_2460.ini -> %SystemRoot%\opt_2460.ini -> [Ver = | Size = 40 bytes | Modified Date = 3/28/2007 10:53:16 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/29/2007 6:37:06 AM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 3/4/2007 9:22:44 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 3/26/2007 11:15:16 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 3/23/2007 12:45:10 PM | Attr = ]
repair -> %SystemRoot%\repair -> [Folder | Modified Date = 3/23/2007 12:45:16 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 3/28/2007 11:24:14 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/21/2007 9:18:08 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/28/2007 1:42:36 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 634 bytes | Modified Date = 3/22/2007 3:29:58 PM | Attr = ]
Microsoft_Hardware_Launch_IType_exe.job -> %SystemRoot%\tasks\Microsoft_Hardware_Launch_IType_exe.job -> [Ver = | Size = 314 bytes | Modified Date = 3/5/2007 4:13:46 PM | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/28/2007 11:25:46 AM | Attr = H ]
Uniblue SpyEraser.job -> %SystemRoot%\tasks\Uniblue SpyEraser.job -> [Ver = | Size = 352 bytes | Modified Date = 3/21/2007 9:18:08 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 3/23/2007 7:41:28 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 3/28/2007 11:28:22 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 3/18/2007 8:35:50 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 3/28/2007 8:17:14 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 192184 bytes | Modified Date = 3/23/2007 8:20:56 AM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 3/23/2007 11:08:02 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 54280 bytes | Modified Date = 3/17/2007 4:44:20 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 384596 bytes | Modified Date = 3/17/2007 4:44:20 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 445630 bytes | Modified Date = 3/17/2007 4:44:20 PM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 3/4/2007 5:38:06 PM | Attr = ]
tenarchlib -> %System32%\tenarchlib -> [Folder | Modified Date = 3/21/2007 7:30:30 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 3/28/2007 11:26:22 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
UPX! , -> %System32%\locate.com -> [Ver = | Size = 11254 bytes | Modified Date = 1/13/2005 9:41:48 PM | Attr = ]
UPX! , UPX0 , -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 123392 bytes | Modified Date = 11/25/2003 5:32:02 PM | Attr = ]
UPX! , WSUD , UPX0 , -> %System32%\strings.exe -> [Ver = | Size = 175616 bytes | Modified Date = 1/20/2005 1:47:50 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 2/25/2007 4:51:34 AM | Attr = ]

< End of report >

#13 AJP

Posted 29 March 2007 - 06:16 AM

FSecure logfile:

03/29/07 07:07:01 [Info]: BlackLight Engine 1.0.55 initialized
03/29/07 07:07:01 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/29/07 07:07:01 [Note]: 7019 4
03/29/07 07:07:01 [Note]: 7005 0
03/29/07 07:07:04 [Note]: 7006 0
03/29/07 07:07:04 [Note]: 7011 1528
03/29/07 07:07:04 [Note]: 7026 0
03/29/07 07:07:04 [Note]: 7026 0
03/29/07 07:07:10 [Note]: FSRAW library version 1.7.1021


HJT Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 7:12:32 AM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Documents and Settings\Avram Peters\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Documents and Settings\Avram Peters\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Avram Peters\Desktop\blbeta.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Avram Peters\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.0.5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...876/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Avram Peters\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

#14 silver

Posted 30 March 2007 - 12:22 AM

Hi AJP,

How is your machine running? Are you still getting the WinAntiVirusPro popups you originally reported?


Next please do an online scan with Kaspersky:

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT and then Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under select a target to scan: Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Once complete, please post the Kaspersky log along with a new HijackThis log and tell me about the popup situation.
ASAP & UNITE Member

#15 silver

Posted 08 April 2007 - 12:25 AM

Hi AJP, How are you getting on? If the instructions are unclear or something isn't working, please let me know before proceeding.
ASAP & UNITE Member
