
Author Topic: Application cannot be executed. The file xxx is infected.  (Read 12081 times)


Addicted2Apples

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Windows 7
    Application cannot be executed. The file xxx is infected.
    « on: May 14, 2010, 09:35:16 PM »
    Hello there.  :)

    Just yesterday, my laptop acted up and whenever I tried to run any program, a balloon on the bottom would say "Application cannot be executed. The file xxx is infected." and this strange "antivirus software" which I didn't download started to appear and such. It seems that I can't access any web page on Internet Explorer at all since the only thing the page would display is "Internet Explorer Warning - visiting this web site may harm your computer!" So I am currently using Firefox on Windows XP. My Firefox is also off and I can't turn it back on because the Avira can't update.

    I'd really appreciate it if anyone can help as soon as possible. Thank you.

    treblasemaj

    • Guest
    Re: Application cannot be executed. The file xxx is infected.
    « Reply #1 on: May 16, 2010, 03:50:41 PM »
    Hi,

    This seems to be an issue due to a virus infection or a browser hijack.
    I suggest you first disconnect your computer from the Internet, then try to run a complete virus scan on your computer if there is a licensed antivirus installed on your computer.

    « Last Edit: May 16, 2010, 04:26:25 PM by SuperDave »

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Application cannot be executed. The file xxx is infected.
    « Reply #2 on: May 16, 2010, 04:46:52 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    Ok. Let's try this first.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    Save Rkill to your desktop.

    There are 4 different versions. If one of them won't run then download and try to run the other one.
     
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
     

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.exe
    Rkill.com
    Rkill.scr
    Rkill.pif

    Once you've gotten one of them to run then try to immediately run the following.
     
    Now download and Run exeHelper.

    Please download exeHelper from Raktor to your desktop.
    • Double-click on exeHelper.com to run the fix. A black window should pop up; press any key to close once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com. Attach the log.txt file to your next message.

      Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
    Windows 8 and Windows 10 dual boot with two SSD's

    Addicted2Apples

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Windows 7
      Re: Application cannot be executed. The file xxx is infected.
      « Reply #3 on: May 16, 2010, 05:23:26 PM »
      Thank you for helping, Dave. Here are the logs.

      ---
      This log file is located at C:\rkill.log.
      Please post this only if requested to by the person helping you.
      Otherwise you can close this log when you wish.
      Ran as Dan Nguyen on 05/16/2010 at 16:22:21.


      Processes terminated by Rkill or while it was running:


      C:\DOCUME~1\DANNGU~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe
      C:\Documents and Settings\Dan Nguyen\My Documents\Downloads\rkill.exe
      C:\Documents and Settings\Dan Nguyen\My Documents\Downloads\exeHelper.com


      Rkill completed on 05/16/2010  at 16:24:53.


      ---

      exeHelper by Raktor
      Build 20100414
      Run at 16:06:09 on 05/16/10
      Now searching...
      Checking for numerical processes...
      exeHelper by Raktor
      Build 20100414
      Run at 16:22:22 on 05/16/10
      Now searching...
      Checking for numerical processes...
      Checking for sysguard processes...
      Checking for bad processes...
      Checking for bad files...
      Checking for bad registry entries...
      Resetting filetype association for .exe
      Resetting filetype association for .com
      Resetting userinit and shell values...
      Resetting policies...
      --Finished--

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Application cannot be executed. The file xxx is infected.
      « Reply #4 on: May 16, 2010, 06:33:49 PM »
      Ok. That's good. Let's see if you can run these scans.
      SUPERAntiSpyware

      If you already have SUPERAntiSpyware be sure to check for updates before scanning!


      Download SuperAntispyware Free Edition (SAS)
      * Double-click the icon on your desktop to run the installer.
      * When asked to Update the program definitions, click Yes
      * If you encounter any problems while downloading the updates, manually download and unzip them from here
      * Next click the Preferences button.
        • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
      * Click the Scanning Control tab.
      * Under Scanner Options make sure only the following are checked:
        • Close browsers before scanning
        • Scan for tracking cookies
        • Terminate memory threats before quarantining
        Please leave the others unchecked
        • Click the Close button to leave the control center screen.
      * On the main screen click Scan your computer
      * On the left check the box for the drive you are scanning.
      * On the right choose Perform Complete Scan
      * Click Next to start the scan. Please be patient while it scans your computer.
      * After the scan is complete a summary box will appear. Click OK
      * Make sure everything in the white box has a check next to it, then click Next
      * It will quarantine what it found and if it asks if you want to reboot, click Yes
      * To retrieve the removal information please do the following:
        • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
        • Click Preferences. Click the Statistics/Logs tab.
        • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        • It will open in your default text editor (preferably Notepad).
        • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
      * Save the log somewhere you can easily find it. (normally the desktop)
      * Click close and close again to exit the program.
      * Copy and Paste the log in your post
      =========================================
      Please download Malwarebytes Anti-Malware from here.

      Double Click mbam-setup.exe to install the application.
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Full Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the entire report in your next reply.
      Extra Note:

      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
      ========================================
      Please download: HiJackThis to your Desktop.
      • Double Click the HijackThis icon, located on your Desktop.
      • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
      • Accept the license agreement.
      • Click the Open the Misc Tools section button.
      • Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
      • Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
      • Please post the log in your next reply.
      Windows 8 and Windows 10 dual boot with two SSD's

      Addicted2Apples

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Windows 7
        Re: Application cannot be executed. The file xxx is infected.
        « Reply #5 on: May 17, 2010, 04:54:13 PM »
        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 05/17/2010 at 02:38 AM

        Application Version : 4.37.1000

        Core Rules Database Version : 4900
        Trace Rules Database Version: 2712

        Scan type       : Complete Scan
        Total Scan Time : 07:18:17

        Memory items scanned      : 590
        Memory threats detected   : 0
        Registry items scanned    : 5280
        Registry threats detected : 124
        File items scanned        : 64487
        File threats detected     : 487

        Adware.MyWebSearch
           HKU\S-1-5-21-1757981266-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
           HKU\S-1-5-21-1757981266-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
           HKU\S-1-5-21-1757981266-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

        Adware.HBHelper
           HKU\S-1-5-19_Classes\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}
           HKU\S-1-5-20_Classes\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}

        Adware.Tracking Cookie
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@chitika[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@chitika[3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@click2go[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@click2reveal[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@clicksor[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@collective-media[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@crackle[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@dmtracker[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@doubleclick[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@eyewonder[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@fastclick[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@fastclick[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@findmidis[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@game-advertising-online[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@gostats[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@hitbox[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@hitbox[3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@hookedmediagroup[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@imrworldwide[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@insightexpressai[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@interclick[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@intermundomedia[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@invitemedia[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@kontera[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@lfstmedia[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@lucidmedia[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@lynxtrack[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@media6degrees[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@media6degrees[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@mediafire[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@mediafire[3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@mediaforgews[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@mediaforge[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@mediaplex[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@mediaplex[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@mochimedia[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@myroitracking[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@overture[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@pointroll[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@questionmarket[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@questionmarket[3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@questionmarket[4].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@realmedia[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@revsci[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@ru4[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@serving-sys[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@serving-sys[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@serving-sys[4].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@serving-sys[5].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@smartadserver[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@specificclick[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@specificclick[3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@specificmedia[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@specificmedia[3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@specificmedia[4].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@statcounter[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@tacoda[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@tacoda[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@tacoda[3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@tacoda[4].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@tacoda[5].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@tacoda[7].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@teennick[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@teensos[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@trackingvalue[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@trackingvalue[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@trafficmp[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@traveladvertising[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@tribalfusion[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@velmedia[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@weborama[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][4].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@xiti[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@xxxbunker[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@yadro[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@yieldmanager[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@yieldmanager[2].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@zanox[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@zanox[3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@zedo[1].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\dan_nguyen@zedo[3].txt
           C:\Documents and Settings\Dan Nguyen\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@adlegend[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@advertising[1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@apmebf[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@atdmt[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@atwola[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@burstbeacon[1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@burstnet[1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@casalemedia[1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@chitika[1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@doubleclick[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@fastclick[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@imrworldwide[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@insightexpressai[1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@interclick[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@media6degrees[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@mediafire[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@mediaplex[1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@questionmarket[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@realmedia[1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@revsci[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@serving-sys[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@specificclick[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@specificmedia[1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@tacoda[1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][3].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@trafficmp[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@tribalfusion[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\dan_nguyen@websponsors[2].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][1].txt
           C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\Cookies\[email protected][1].txt
           C:\Documents and Settings\Guest\Cookies\guest@apmebf[1].txt
           C:\Documents and Settings\Guest.DAN-79359815A9B\Cookies\[email protected][2].txt
           C:\Documents and Settings\Guest.DAN-79359815A9B\Cookies\guest@atdmt[1].txt
           C:\Documents and Settings\Guest.DAN-79359815A9B\Cookies\guest@doubleclick[1].txt
           C:\Documents and Settings\Guest.DAN-79359815A9B\Cookies\guest@fastclick[1].txt
           C:\Documents and Settings\Guest.DAN-79359815A9B\Cookies\guest@interclick[1].txt
           C:\Documents and Settings\Guest.DAN-79359815A9B\Cookies\[email protected][1].txt
           C:\Documents and Settings\Guest.DAN-79359815A9B\Cookies\[email protected][1].txt
           C:\Documents and Settings\Guest.DAN-79359815A9B\Cookies\guest@questionmarket[1].txt

        Adware.MyWebSearch/FunWebProducts

        Rogue.AntiSpywareXP2009
           C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.cfg
           C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll
           C:\Program Files\AntiSpywareXP2009

        Rogue.AntivirusSoft
           HKU\S-1-5-21-1757981266-261903793-839522115-1003\Software\avsoft

        Addicted2Apples

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Windows 7
          Re: Application cannot be executed. The file xxx is infected.
          « Reply #6 on: May 17, 2010, 04:54:59 PM »
          Malwarebytes' Anti-Malware 1.46
          www.malwarebytes.org

          Database version: 4107

          Windows 5.1.2600 Service Pack 3
          Internet Explorer 8.0.6001.18702

          5/17/2010 4:02:58 AM
          mbam-log-2010-05-17 (04-02-58).txt

          Scan type: Full scan (C:\|)
          Objects scanned: 271970
          Time elapsed: 8 hour(s), 39 minute(s), 41 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 40
          Registry Values Infected: 2
          Registry Data Items Infected: 1
          Folders Infected: 7
          Files Infected: 24

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

          Registry Values Infected:
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eacngcuu (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eacngcuu (Trojan.FakeAlert) -> Quarantined and deleted successfully.

          Registry Data Items Infected:
          HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

          Folders Infected:
          C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
          C:\Program Files\AntiSpywareXP2009 (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\T8 (Trojan.Downloader) -> Quarantined and deleted successfully.

          Files Infected:
          C:\Documents and Settings\Dan Nguyen\Local Settings\Application Data\nsxxurcjn\rofckgetssd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          C:\Program Files\Adobe PhotoShop CS3\Msvcrt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
          C:\Program Files\Adobe PhotoShop CS3\Shfolder.dll (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\adware.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Dan Nguyen\Local Settings\Temp\359109c0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn10 (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn16 (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn298 (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn301 (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn31 (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn4 (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn46 (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn53 (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn56 (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn7 (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
          C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
          C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
          C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.cfg (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
          C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Application Data\awat.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Application Data\hobosafoja.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.


          ================================================================


          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 9:17:30 PM, on 5/16/2010
          Platform: Windows XP SP3 (WinNT 5.01.2600)
          MSIE: Internet Explorer v8.00 (8.00.6001.18702)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Avira\AntiVir Desktop\sched.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Viewpoint\Common\ViewpointService.exe
          C:\WINDOWS\System32\wltrysvc.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\WINDOWS\system32\WgaTray.exe
          C:\WINDOWS\System32\bcmwltry.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\WINDOWS\system32\Rundll32.exe
          C:\WINDOWS\system32\keyhook.exe
          C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
          C:\Program Files\Brother\ControlCenter2\brctrcen.exe
          C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
          C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
          C:\Program Files\Java\jre6\bin\jusched.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
          C:\Program Files\AIM7\aim.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\Pando Networks\Media Booster\PMB.exe
          C:\WINDOWS\system32\sistray.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Avira\AntiVir Desktop\avscan.exe
          c:\program files\avira\antivir desktop\avcenter.exe
          C:\WINDOWS\system32\dllhost.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
          C:\Program Files\Avira\AntiVir Desktop\avguard.exe
          C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
          C:\Program Files\Mozilla Firefox\firefox.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
          O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
          O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (filesize 75200 bytes, MD5 E5EF96D01F3B696817DB909B732D9BB2)
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (filesize 263280 bytes, MD5 6CAC864C230B5E520AD054CF2DD66D59)
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (filesize 764912 bytes, MD5 CD91E666B2446530583FBFFCF537BE4C)
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (filesize 41760 bytes, MD5 C9EDE29F223A27873E187D9FB6045EA6)
          O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (filesize 73728 bytes, MD5 DEE8F03D1EACE0C8F914A2C76568EA32)
          O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (filesize 429816 bytes, MD5 CDD49DB35420C0B6B3FEC171171CBCCE)
          O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (filesize 474872 bytes, MD5 A490DBEC2A9CCA09156064629D938038)
          O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (filesize 263280 bytes, MD5 6CAC864C230B5E520AD054CF2DD66D59)
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE (filesize 67584 bytes, MD5 77ABDF73D9D90144A4E1F3A030EA042F)
          O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent (filesize 33280 bytes, MD5 037B1E7798960E0420003D05BB577EE6)
          O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exeC:\WINDOWS\system32\keyhook.exe
          O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exeC:\WINDOWS\SiSUSBrg.exe
          O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (filesize 155648 bytes, MD5 1C3CA3E7807F915933BB4E08E599DDAB)
          O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exeC:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
          O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exeC:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
          O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exeC:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
          O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun (filesize 864256 bytes, MD5 89884E76023EF07C3FDF6BBE23B91AF3)
          O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (filesize 282792 bytes, MD5 CF4A0E2C240501C826977ACC5F0E8411)
          O4 - HKLM\..\Run: [VisualTooltip] C:\Documents and Settings\Dan Nguyen\Desktop\visual-tooltip-crystalxp.net-en-197\VisualToolTip.exe
          O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (filesize 208952 bytes, MD5 7BBE4CF421AECC7F0226EDD75F12079F)
          O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXEC:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
          O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC (filesize 59392 bytes, MD5 1B17E09C1223F6D17336D2DD7A1AF4F4)
          O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (filesize 455168 bytes, MD5 024DC0F68DF5FD6AE9DD82DFBAF479D6)
          O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (filesize 455168 bytes, MD5 024DC0F68DF5FD6AE9DD82DFBAF479D6)
          O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun (filesize 122880 bytes, MD5 5D24868CAC87DCD70C5B71101D39B0DE)
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (filesize 149280 bytes, MD5 3A0647BDED81DBE0BCBB51D70B22C9E0)
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (filesize 36272 bytes, MD5 F91F52F4EA5D88DAB6245682A16F3A72)
          O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" (filesize 952768 bytes, MD5 DB1DB28467111A24664933AB8908CBCE)
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (filesize 421888 bytes, MD5 ED7A6D40B20DC34BE06F4AE196AE7D50)
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (filesize 142120 bytes, MD5 A244E67F073377DE0E53D3068932B040)
          O4 - HKLM\..\Run: [eacngcuu] C:\Documents and Settings\Dan Nguyen\Local Settings\Application Data\nsxxurcjn\rofckgetssd.exeC:\Documents and Settings\Dan Nguyen\Local Settings\Application Data\nsxxurcjn\rofckgetssd.exe
          O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (filesize 2633976 bytes, MD5 0A1EB949ECC885DC942C76C4F0220688)
          O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
          O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM7\aim.exe" /d locale=en-US /HIDEBL (filesize 3829080 bytes, MD5 322DB05B3C05ECB00E92B39F166790C9)
          O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (filesize 39408 bytes, MD5 5D61BE7DB55B026A5D61A3EED09D0EAD)
          O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exeC:\Program Files\Pando Networks\Media Booster\PMB.exe
          O4 - HKCU\..\Run: [eacngcuu] C:\Documents and Settings\Dan Nguyen\Local Settings\Application Data\nsxxurcjn\rofckgetssd.exeC:\Documents and Settings\Dan Nguyen\Local Settings\Application Data\nsxxurcjn\rofckgetssd.exe
          O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (filesize 331776 bytes, MD5 75D2905CC72D4DEB2771EEF42A809C35)
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
          O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
          O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (filesize 63840 bytes, MD5 22BDC1E6E606C9BAE68141D7099309AB)
          O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dan Nguyen\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
          O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
          O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
          O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
          O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllC:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Avira\AntiVir Desktop\sched.exe
          O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exe
          O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
          O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeC:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Java\jre6\bin\jqs.exe
          O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
          O23 - Service: Application Virtualization Client (sftlist) - Unknown owner - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (file missing)
          O23 - Service: Application Virtualization Service Agent (sftvsa) - Unknown owner - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (file missing)
          O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Viewpoint\Common\ViewpointService.exe
          O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\wltrysvc.exe

          --
          End of file - 14105 bytes

          SuperDave

          Re: Application cannot be executed. The file xxx is infected.
          « Reply #7 on: May 17, 2010, 05:27:15 PM »
          You have Viewpoint installed.

          Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

          More information:

          * ViewMgr.exe - Useless
          * Viewpoint to Plunge Into Adware

          It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs (in Vista & Win7 it is Programs and Features) and remove the following programs if present.

          * Viewpoint
          * Viewpoint Manager
          * Viewpoint Media Player
          * Viewpoint Toolbar
          * Viewpoint Experience Technology


          ===================================

          Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

          Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

          Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

          Exit out of MessengerDisable then delete the two files that were put on the desktop.

          ====================================
          Open HijackThis and select Do a system scan only

          Place a check mark next to the following entries: (if there)

          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
          O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
          O4 - HKLM\..\Run: [eacngcuu] C:\Documents and Settings\Dan Nguyen\Local Settings\Application Data\nsxxurcjn\rofckgetssd.exeC:\Documents and Settings\Dan Nguyen\Local Settings\Application Data\nsxxurcjn\rofckgetssd.exe
          O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
          O4 - HKCU\..\Run: [eacngcuu] C:\Documents and Settings\Dan Nguyen\Local Settings\Application Data\nsxxurcjn\rofckgetssd.exeC:\Documents and Settings\Dan Nguyen\Local Settings\Application Data\nsxxurcjn\rofckgetssd.exe
          O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
          O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
          O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dan Nguyen\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
          O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
          O23 - Service: Application Virtualization Client (sftlist) - Unknown owner - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (file missing)
          O23 - Service: Application Virtualization Service Agent (sftvsa) - Unknown owner - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (file missing)


          Important: Close all open windows except for HijackThis and then click Fix checked.

          Once completed, exit HijackThis.

          ==============================

          Please download ComboFix from BleepingComputer.com

          Alternate link: GeeksToGo.com

          * Rename ComboFix.exe to commy.exe before you save it to your Desktop.
          * Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
          * Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
          * As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
          * Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


          Click on Yes, to continue scanning for malware.
          When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

          If you have problems with ComboFix usage, see How to use ComboFix

          Windows 8 and Windows 10 dual boot with two SSD's
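An added example, not part of the post above and not HijackThis's own logic: a short Python triage pass over lines copied from the log in this thread. The three heuristics (a loopback proxy, entries whose target file is gone, autostarts launching from Local Settings) and all function names are assumptions chosen here; they do not reproduce the helper's full selection.

```python
import re
from typing import List, NamedTuple

# Subset of the HijackThis log posted in this thread, copied verbatim
# (including the doubled paths HijackThis printed for some entries).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [VisualTooltip] C:\Documents and Settings\Dan Nguyen\Desktop\visual-tooltip-crystalxp.net-en-197\VisualToolTip.exe
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [eacngcuu] C:\Documents and Settings\Dan Nguyen\Local Settings\Application Data\nsxxurcjn\rofckgetssd.exeC:\Documents and Settings\Dan Nguyen\Local Settings\Application Data\nsxxurcjn\rofckgetssd.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Bonjour\mDNSResponder.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    rule: str     # name of the heuristic that fired (names are hypothetical)
    line: str     # the original log line


# "<section> - <body>", e.g. "O4 - HKCU\..\Run: [name] path"
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A proxy value whose host is the local machine.
LOOPBACK = re.compile(
    r"(?:^|[=;/\s])(?:127(?:\.\d{1,3}){3}|localhost)(?::\d+)?(?:$|[;/\s])", re.I
)
# Per-user, user-writable data locations on Windows XP.
USER_DATA = re.compile(r"\\Local Settings\\(?:Application Data|Temp)\\", re.I)
# Markers HijackThis appends when the registered file does not exist.
ORPHAN_SUFFIXES = ("(no file)", "(file missing)")


def classify(section: str, body: str) -> List[str]:
    """Return the names of the heuristics that match one log entry."""
    rules = []
    if section.startswith("R") and "ProxyServer" in body:
        value = body.split(" = ", 1)[-1]
        if LOOPBACK.search(value):
            # Browser traffic is being routed through a local process.
            rules.append("loopback-proxy")
    if body.rstrip().endswith(ORPHAN_SUFFIXES):
        # Registration left behind after its file was removed.
        rules.append("orphaned-entry")
    if section == "O4" and USER_DATA.search(body):
        # Autostart entry launching from a user-writable data directory.
        rules.append("autostart-user-data")
    return rules


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and return entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # header, running-process list, or blank line
        for rule in classify(match["section"], match["body"]):
            findings.append(Finding(match["section"], rule, line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:20} {finding.line[:100]}")
```

A match is a prompt for review, not a verdict: the Desktop-launched VisualTooltip entry passes these rules untouched, and a legitimate local filtering proxy would trip the first one.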

          Addicted2Apples

            Re: Application cannot be executed. The file xxx is infected.
            « Reply #8 on: May 17, 2010, 06:41:11 PM »
            edited: nvm my IE is working now so I can just download it there. But I still don't get why I need to rename the file. And also, do you mind explaining to me why some of the entries you told me to delete using HijackThis weren't there on the list when I tried to delete them?

            After I had downloaded & renamed ComboFix and copied the link into Run, this file NirCmd.cfxxe showed up and asked me which program I would like to use to open it. What do I do from here?
            « Last Edit: May 17, 2010, 06:54:56 PM by Addicted2Apples »

            SuperDave

            Re: Application cannot be executed. The file xxx is infected.
            « Reply #9 on: May 17, 2010, 07:41:16 PM »
            Quote
            But I still don't get why I need to rename the file.
            Re-naming the program will allow it to run without the infection blocking it.

            Quote
            also do you mind explaining to me why some of the entries you told me to delete using HijackThis weren't there on the list when I tried to delete them?
            That's because we fixed some by removing Windows Messenger and ViewPoint.

            Ok. Let's try this.

            Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

            Navigate to Start --> Run, and enter the following command exactly as shown:

            "%userprofile%\desktop\blackpudding.bat" /killall

            See if ComboFix will run now.

            Addicted2Apples

              Re: Application cannot be executed. The file xxx is infected.
              « Reply #10 on: May 17, 2010, 09:18:22 PM »
              ok got it running now. thanks a lot :D



              ComboFix 10-05-16.02 - Dan Nguyen 05/17/2010  19:48:52.1.1 - x86
              Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.447.103 [GMT -7:00]
              Running from: c:\documents and settings\Dan Nguyen\desktop\blackpudding.bat
              Command switches used :: /killall
              .

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              c:\documents and settings\All Users.WINDOWS\Application Data\Toolbar4
              c:\documents and settings\Dan Nguyen\Local Settings\Temporary Internet Files\TestBrowser.html
              c:\program files\scurit~1
              c:\temp\0b9
              c:\temp\0b9\tmpTF.log
              c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
              c:\windows\IA
              c:\windows\system32\fnts~1
              c:\windows\system32\T3
              c:\windows\system32\T4
              c:\windows\system32\T6
              c:\windows\system32\Vb40032.dll

              Infected copy of c:\windows\system32\drivers\pci.sys was found and disinfected
              Restored copy from - Kitty had a snack :p
              .
              (((((((((((((((((((((((((   Files Created from 2010-04-18 to 2010-05-18  )))))))))))))))))))))))))))))))
              .

              2010-05-17 01:23 . 2010-05-17 01:23   --------   d-----w-   c:\documents and settings\Dan Nguyen\Application Data\Malwarebytes
              2010-05-17 01:18 . 2010-05-17 01:18   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
              2010-05-17 01:16 . 2010-05-17 01:16   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
              2010-05-17 01:13 . 2010-05-17 01:13   --------   d-----w-   c:\documents and settings\Dan Nguyen\Application Data\SUPERAntiSpyware.com

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2010-05-18 00:23 . 2008-11-06 05:54   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
              2010-05-17 11:02 . 2008-11-11 07:43   --------   d-----w-   c:\program files\Adobe PhotoShop CS3
              2010-05-17 01:19 . 2010-05-17 01:19   --------   d-----w-   c:\program files\Trend Micro
              2010-05-17 01:19 . 2010-05-17 01:17   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
              2010-05-17 01:18 . 2010-05-17 01:18   63488   ----a-w-   c:\documents and settings\Dan Nguyen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
              2010-05-17 01:18 . 2010-05-17 01:18   52224   ----a-w-   c:\documents and settings\Dan Nguyen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
              2010-05-17 01:17 . 2010-05-17 01:17   117760   ----a-w-   c:\documents and settings\Dan Nguyen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
              2010-05-17 01:14 . 2010-05-17 01:13   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2010-05-17 01:12 . 2010-05-17 01:12   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
              2010-05-16 23:19 . 2010-04-28 03:15   --------   d-----w-   c:\program files\VS Revo Group
              2010-05-07 02:19 . 2008-11-07 06:35   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\NOS
              2010-05-07 02:18 . 2008-11-07 06:35   --------   d-----w-   c:\program files\NOS
              2010-05-05 14:28 . 2009-09-06 00:38   --------   d-----w-   c:\program files\AIM7
              2010-05-05 14:26 . 2010-05-05 14:26   --------   d-----w-   c:\program files\Common Files\Software Update Utility
              2010-05-05 06:25 . 2010-03-04 03:20   --------   d-----w-   c:\program files\TeamViewer
              2010-05-05 02:35 . 2008-11-08 05:41   --------   d-----w-   c:\program files\VSTplugins
              2010-05-05 02:35 . 2010-05-03 06:54   --------   d-----w-   c:\program files\Image-Line
              2010-05-03 07:01 . 2010-05-03 07:01   --------   d-----w-   c:\program files\Outsim
              2010-05-01 05:18 . 2010-05-01 05:15   --------   d-----w-   c:\program files\iTunes
              2010-05-01 05:16 . 2010-05-01 05:16   --------   d-----w-   c:\program files\iPod
              2010-05-01 05:16 . 2008-11-06 04:14   --------   d-----w-   c:\program files\Common Files\Apple
              2010-05-01 05:02 . 2008-05-18 23:58   --------   d-----w-   c:\program files\Bonjour
              2010-05-01 04:45 . 2010-05-01 04:45   73000   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
              2010-04-29 22:39 . 2010-05-17 01:18   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
              2010-04-29 22:39 . 2010-05-17 01:18   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2010-04-29 07:38 . 2010-02-24 09:25   --------   d-----w-   c:\program files\Microsoft Application Virtualization Client
              2010-04-28 03:26 . 2010-02-24 09:31   --------   d-----w-   c:\documents and settings\Dan Nguyen\Application Data\SoftGrid Client
              2010-04-26 07:11 . 2010-04-26 07:11   63636   ---ha-w-   c:\windows\system32\mlfcache.dat
              2010-04-08 20:20 . 2010-04-08 20:20   91424   ----a-w-   c:\windows\system32\dnssd.dll
              2010-04-08 20:20 . 2010-04-08 20:20   107808   ----a-w-   c:\windows\system32\dns-sd.exe
              2010-04-04 22:51 . 2008-11-06 02:32   --------   d-----w-   c:\program files\Common Files\DVDVideoSoft
              2010-04-02 05:29 . 2008-11-06 04:23   --------   d-----w-   c:\documents and settings\Dan Nguyen\Application Data\Apple Computer
              2010-04-01 08:40 . 2010-04-01 08:36   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
              2010-04-01 08:27 . 2009-09-29 14:47   --------   d-----w-   c:\program files\QuickTime
              2010-03-27 04:02 . 2010-03-27 04:02   --------   d-----w-   c:\documents and settings\Dan Nguyen\Application Data\Avira
              2010-03-25 03:40 . 2004-10-02 10:37   --------   d--h--w-   c:\program files\InstallShield Installation Information
              2010-03-10 06:15 . 2004-08-04 12:00   420352   ----a-w-   c:\windows\system32\vbscript.dll
              2010-03-06 10:41 . 2009-12-30 15:44   346472   ----a-w-   c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
              2010-03-02 07:02 . 2008-11-08 02:45   82712   ----a-w-   c:\documents and settings\Dan Nguyen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
              2010-03-01 16:05 . 2009-06-22 10:53   124784   ----a-w-   c:\windows\system32\drivers\avipbb.sys
              2010-02-25 06:24 . 2004-08-04 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
              2010-02-24 13:11 . 2004-08-04 12:00   455680   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
              2010-02-17 16:10 . 2004-08-04 12:00   2189952   ----a-w-   c:\windows\system32\ntoskrnl.exe
              2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
              2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
              "Aim"="c:\program files\AIM7\aim.exe" [2010-04-29 3829080]
              "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-31 39408]
              "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-05 2923192]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SoundMan"="SOUNDMAN.EXE" [2004-07-02 67584]
              "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-27 98304]
              "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-27 499712]
              "SiSPower"="SiSPower.dll" [2004-09-03 49152]
              "SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-09-02 249856]
              "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-13 106496]
              "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
              "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
              "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
              "SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-12 49152]
              "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-08 864256]
              "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
              "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
              "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2009-08-03 44032]
              "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
              "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
              "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
              "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-31 122880]
              "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
              "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
              "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

              c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
              Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-11-2 331776]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
              "c:\\WINDOWS\\system32\\dpvsetup.exe"=
              "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
              "c:\\Program Files\\AIM7\\aim.exe"=
              "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
              "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\wowd.exe"=
              "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
              "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
              "c:\\Program Files\\iTunes\\iTunes.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
              "56619:TCP"= 56619:TCP:Pando Media Booster
              "56619:UDP"= 56619:UDP:Pando Media Booster

              R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
              R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
              R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/22/2009 3:53 AM 135336]
              R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [11/2/2008 1:47 PM 193280]
              S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 8:35 AM 819600]
              S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\DANNGU~1\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys --> c:\docume~1\DANNGU~1\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys [?]
              S3 CIF USB CAMERA Service;CIF USB CAMERA;c:\windows\system32\drivers\pfc027.sys [12/21/2008 6:20 PM 112380]
              S3 sftfs;sftfs;\??\c:\program files\Microsoft Application Virtualization Client\drivers\sftfsXP.sys --> c:\program files\Microsoft Application Virtualization Client\drivers\sftfsXP.sys [?]
              S3 sftplay;sftplay;\??\c:\program files\Microsoft Application Virtualization Client\drivers\sftplayXP.sys --> c:\program files\Microsoft Application Virtualization Client\drivers\sftplayXP.sys [?]
              S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 4:05 PM 21864]
              S3 sftvol;sftvol;\??\c:\program files\Microsoft Application Virtualization Client\drivers\sftvolXP.sys --> c:\program files\Microsoft Application Virtualization Client\drivers\sftvolXP.sys [?]
              S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
              getPlusHelper   REG_MULTI_SZ      getPlusHelper
              .
              Contents of the 'Scheduled Tasks' folder

              2010-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
              - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

              2010-05-18 c:\windows\Tasks\User_Feed_Synchronization-{E813EEF4-3BBD-4407-A1E9-757A193DE58A}.job
              - c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://yahoo.com/
              uInternet Settings,ProxyOverride = <local>
              IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
              IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
              FF - ProfilePath - c:\documents and settings\Dan Nguyen\Application Data\Mozilla\Firefox\Profiles\33dn0ntc.default\
              FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
              FF - prefs.js: browser.startup.homepage - about:blank
              FF - prefs.js: keyword.URL - hxxp://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-78-0-mnpx\n&q=
              FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
              FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGPPlugin.dll
              FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
              FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
              FF - plugin: c:\windows\system32\npOGPPlugin.dll
              FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

              ---- FIREFOX POLICIES ----
              FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
              c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
              c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
              c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
              c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
              .
              - - - - ORPHANS REMOVED - - - -

              HKCU-Run-UberIcon - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
              HKLM-Run-VisualTooltip - c:\documents and settings\Dan Nguyen\Desktop\visual-tooltip-crystalxp.net-en-197\VisualToolTip.exe



              **************************************************************************

              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2010-05-17 20:04
              Windows 5.1.2600 Service Pack 3 NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              scanning hidden files ... 

              scan completed successfully
              hidden files: 0

              **************************************************************************

              [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
              "ImagePath"="c:\windows\system32\GameMon.des -service"
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              - - - - - - - > 'winlogon.exe'(696)
              c:\program files\SUPERAntiSpyware\SASWINLO.dll
              c:\windows\system32\WININET.dll

              - - - - - - - > 'explorer.exe'(2040)
              c:\windows\system32\WININET.dll
              c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
              c:\windows\system32\ieframe.dll
              c:\windows\system32\webcheck.dll
              c:\windows\system32\WPDShServiceObj.dll
              c:\windows\system32\PortableDeviceTypes.dll
              c:\windows\system32\PortableDeviceApi.dll
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\program files\Avira\AntiVir Desktop\avguard.exe
              c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              c:\program files\Bonjour\mDNSResponder.exe
              c:\program files\Java\jre6\bin\jqs.exe
              c:\program files\Avira\AntiVir Desktop\avshadow.exe
              c:\windows\System32\wltrysvc.exe
              c:\windows\System32\bcmwltry.exe
              c:\windows\system32\WgaTray.exe
              c:\windows\SOUNDMAN.EXE
              c:\windows\system32\Rundll32.exe
              c:\program files\iPod\bin\iPodService.exe
              .
              **************************************************************************
              .
              Completion time: 2010-05-17  20:20:39 - machine was rebooted
              ComboFix-quarantined-files.txt  2010-05-18 03:20

              Pre-Run: 2,310,684,672 bytes free
              Post-Run: 27,921,072,128 bytes free

              WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
              [boot loader]
              timeout=2
              default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
              [operating systems]
              c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
              multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

              - - End Of File - - 5E0147A5A96FA84B73C93BE99C4BD0D6
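
Added example, not part of the original post and not ComboFix's own code: a Python parser for the driver/service lines of the log above that flags entries whose file date and size show as `[?]` or whose image sits in a Temp directory. Reading the `R`/`S` prefix as running/stopped, the digit as the Windows service start type, and `[?]` as unreadable file metadata are assumptions about the log format; the function and flag names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Windows service "Start" values as stored in the registry.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Sample input: service/driver lines copied from the ComboFix log in this thread.
SAMPLE = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/22/2009 3:53 AM 135336]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\DANNGU~1\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys --> c:\docume~1\DANNGU~1\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys [?]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 4:05 PM 21864]
S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]
"""

# <state><start type> <service name>;<display name>;<image path> [<date time size> or ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool          # assumption: R = running, S = stopped
    start_type: str
    image_path: str
    size: Optional[int]    # None when the log shows [?]
    flags: List[str]


def normalize_path(raw: str) -> str:
    """Keep the resolved target after '-->' and drop the NT '\\??\\' prefix."""
    if "-->" in raw:
        raw = raw.split("-->", 1)[1]
    raw = raw.strip()
    if raw.startswith("\\??\\"):
        raw = raw[4:]
    return raw


def parse_line(line: str) -> Optional[ServiceEntry]:
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = normalize_path(m["path"])
    meta = m["meta"].strip()
    flags: List[str] = []
    size: Optional[int] = None
    if meta == "?":
        # Assumption: the tool could not read the file's date and size.
        flags.append("metadata-unreadable")
    else:
        tokens = meta.split()
        if tokens and tokens[-1].isdigit():
            size = int(tokens[-1])
    if "\\temp\\" in path.lower():
        # A service image registered from a temporary directory.
        flags.append("temp-directory")
    return ServiceEntry(
        name=m["name"].strip(),
        display=m["display"].strip(),
        running=(m["state"] == "R"),
        start_type=START_TYPES[int(m["start"])],
        image_path=path,
        size=size,
        flags=flags,
    )


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line; lines in other formats are skipped."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [entry for entry in parsed if entry is not None]


def triage(text: str) -> List[ServiceEntry]:
    """Return only the entries that deserve a manual look."""
    return [entry for entry in parse_services(text) if entry.flags]


if __name__ == "__main__":
    for entry in triage(SAMPLE):
        state = "running" if entry.running else "stopped"
        print(f"{entry.name} ({state}, {entry.start_type}): "
              f"{entry.image_path} -> {', '.join(entry.flags)}")
```

A flag is a prompt to check the registry key and the file on disk, not a verdict on the service.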

              SuperDave

              Re: Application cannot be executed. The file xxx is infected.
              « Reply #11 on: May 18, 2010, 07:35:03 AM »
              Download Security Check by screen317 from one of the following links and save it to your desktop.

              Link 1
              Link 2

              * Unzip SecurityCheck.zip and a folder named Security Check should appear.
              * Open the Security Check folder and double-click Security Check.bat
              * Follow the on-screen instructions inside of the black box.
              * A Notepad document should open automatically called checkup.txt
              * Post the contents of that document in your next reply.

              Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

              ==============================================
              I'd like us to scan your machine with ESET OnlineScan

              •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
              ESET OnlineScan
              •Click the button.
              •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
              • Click on to download the ESET Smart Installer. Save it to your desktop.
              • Double click on the icon on your desktop.
              •Check
              •Click the button.
              •Accept any security warnings from your browser.
              •Check
              •Push the Start button.
              •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
              •When the scan completes, push
              •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
              •Push the button.
              •Push
              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


              Addicted2Apples

                Re: Application cannot be executed. The file xxx is infected.
                « Reply #12 on: May 19, 2010, 12:46:04 AM »
                 Results of screen317's Security Check version 0.99.4 
                 Windows XP Service Pack 3 
                 Internet Explorer 8 
                ``````````````````````````````
                Antivirus/Firewall Check:

                 Windows Firewall Enabled! 
                 Avira AntiVir Personal - Free Antivirus
                 Antivirus up to date! 
                ```````````````````````````````
                Anti-malware/Other Utilities Check:

                 Malwarebytes' Anti-Malware   
                 HijackThis 2.0.2   
                 Java(TM) 6 Update 17 
                 Out of date Java installed!
                 Adobe Flash Player 10.0.45.2 
                Adobe Reader 9.3.2
                 Mozilla Firefox (3.5.9) Firefox Out of Date! 
                ````````````````````````````````
                Process Check: 
                objlist.exe by Laurent

                 Avira Antivir avgnt.exe
                 Avira Antivir avguard.exe
                ````````````````````````````````
                DNS Vulnerability Check:

                 GREAT! (Not vulnerable to DNS cache poisoning)

                ``````````End of Log````````````


                ===============================


                C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
                C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
                C:\Documents and Settings\Dan Nguyen\Application Data\Adobe\Flash\install.js   JS/Spy.FFSpy.A trojan   cleaned by deleting - quarantined
                C:\Documents and Settings\Dan Nguyen\Application Data\Adobe\Flash\install.rdf   JS/Spy.FFSpy.A trojan   cleaned by deleting - quarantined
                C:\Documents and Settings\Dan Nguyen\Application Data\Adobe\Flash\content\google.js   JS/Spy.FFSpy.A trojan   cleaned by deleting - quarantined
                C:\Documents and Settings\Dan Nguyen\Application Data\Adobe\Flash\content\overlay.js.old   JS/Spy.FFSpy.A trojan   cleaned by deleting - quarantined
                C:\Documents and Settings\Dan Nguyen\Application Data\Sun\Java\Deployment\cache\6.0\6\5b3d5486-15c5e2c0   a variant of Java/TrojanDownloader.Agent.NAN trojan   deleted - quarantined

                SuperDave

                Re: Application cannot be executed. The file xxx is infected.
                « Reply #13 on: May 19, 2010, 12:32:12 PM »
                Update Your Java (JRE)

                Old versions of Java have vulnerabilities that malware can use to infect your system.


                First Verify your Java Version

                If there are any other version(s) installed then update now.

                Get the new version (if needed)

                If your version is out of date install the newest version of the Sun Java Runtime Environment.

                Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                Be sure to close ALL open web browsers before starting the installation.

                Remove any old versions

                1. Download JavaRa and unzip the file to your Desktop.
                2. Open JavaRA.exe and choose Remove Older Versions
                3. Once complete exit JavaRA.
                4. Run CCleaner.

                Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

                =======================================
                * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
                * Now type blackpudding /uninstall in the runbox
                * Make sure there's a space between blackpudding and /Uninstall
                * Then hit Enter

                The above procedure will:
                * Delete the following:
                  * ComboFix and its associated files and folders.
                * Reset the clock settings.
                * Hide file extensions, if required.
                * Hide System/Hidden files, if required.
                * Set a new, clean Restore Point.
                ======================================
                Download OTC by OldTimer and save it to your desktop.

                1. Double-click OTC to run it.
                2. Click the CleanUp! button.
                3. Select Yes when the "Begin cleanup Process?" prompt appears.
                4. If you are prompted to Reboot during the cleanup, select Yes
                5. OTC should delete itself once it finishes, if not delete it yourself.

                =============================

                Clean out your temporary internet files and temp files.

                Download TFC by OldTimer to your desktop.

                Double-click TFC.exe to run it.

                Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                TFC will close all programs when run, so make sure you have saved all your work before you begin.

                * Click the Start button to begin the cleaning process.
                * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                * Please let TFC run uninterrupted until it is finished.

                Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

                ==========================

                Use the Secunia Software Inspector to check for out of date software.

                •Click Start Now

                •Check the box next to Enable thorough system inspection.

                •Click Start

                •Allow the scan to finish and scroll down to see if any updates are needed.
                •Update anything listed.
                .
                ----------

                Go to Microsoft Windows Update and get all critical updates.

                ----------

                I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                * Using SpywareBlaster to protect your computer from Spyware and Malware
                * If you don't know what ActiveX controls are, see here

                Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                Safe Surfing!


                ndwar




                  Re: Application cannot be executed. The file xxx is infected.
                  « Reply #14 on: May 19, 2010, 12:38:15 PM »
                  Hello SD,

                  I've had the exact same problem occur on my laptop yesterday (Windows Vista). Would you be able to guide me in cleaning up the virus?

                  Thank you.