Viruses, Spyware and...

Viruses, Spyware and other Nasties RSS

Iexplore.exe keeps opening by itself

•

Join Date: Sep 2007

Posts: 3

Reputation: Chromedragon is an unknown quantity at this point

Solved Threads: 0

Chromedragon Chromedragon is offline

Offline

Newbie Poster

Iexplore.exe keeps opening by itself

Sep 23rd, 2007

Seems Daniweb helps a lot of folks out and I would be forever grateful if someone could help me solve this problem. I never actually use IE, just Firefox, but for the past couple of months I have been dealing with occasional popups and at least two copies of IEXPLORE.EXE running in processes all the time. Close one and another pops right back up.

Anyhow, here is my hijackthis log. I hope someone can help. Thanks!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:58:30 AM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mr. Demo\Desktop\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [axis web cake second] C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\USER PURE.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MediaProxy] C:\DOCUME~1\MR7D46~1.DEM\APPLIC~1\MAPIMA~1\INTERNET ARMY MFCD.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6018 bytes

•

Join Date: Aug 2007

Posts: 1,729

Reputation: Suspishio is an unknown quantity at this point

Solved Threads: 137

Suspishio

Offline

Simples!

Re: Iexplore.exe keeps opening by itself

Sep 23rd, 2007

I can't see anything in the HJT log - but it seems from your report that the browser has been hijacked. You can make a rudimentary heck by seeing wether the default web site is the same as in FireFox; if not and if it is one of these undesired locations, then you've been hijacked.

The afflicting scourge will likely have been by way of registry modification that forces the condition at start up. You can try fiddling in the Registry but ....

Better to get some decent anti-spyware (which you haven't mentioned) like Ad-Aware or SpyBot or AVG.

Let us know.

Suspishio
My advice is at your risk
Qosmio G50-10H; T9400 2.53GHz Core 2 Duo; 4GB RAM; Vista HP (32)
nForce 680i LT; Q6600 Quad Core 2.4GHz; 8GB RAM; XP Pro (64)
Dell XPS M1710; T7200 2GHz Core 2 Duo; 2GB RAM; XP Pro (32)

•

Join Date: Sep 2007

Posts: 3

Reputation: Chromedragon is an unknown quantity at this point

Solved Threads: 0

Chromedragon Chromedragon is offline

Offline

Newbie Poster

Re: Iexplore.exe keeps opening by itself

Sep 23rd, 2007

I have run Adaware several times and it hasn't done the trick. The processes are always running, but there aren't always windows open. They seem to pop up more often while I'm surfing in Firefox, particularly when I'm not actually navigating, often when I'm just typing in forums, like it just did now while I was typing this.

Frankly I could keep ignoring it, but I went to install Dreamweaver this morning and it won't install until I close the browser, which obviously I cannot do.

I'll try to run Adaware in safe mode later on to see if that does the trick.

•

Join Date: Aug 2007

Posts: 1,729

Reputation: Suspishio is an unknown quantity at this point

Solved Threads: 137

Suspishio

Offline

Simples!

Re: Iexplore.exe keeps opening by itself

Sep 23rd, 2007

Then maybe you do need do delve into your Registry and see what's running at startup.

I posted a fix for Vundo (which I haven't seen in your HJT log on 24-Aug. Take a look at this. The discipline for finding what DLLs, INIs, SYS files and so on could well help you to solve this. The fix I posted didn't rely on any registry work other than to clean up later.

But check your Registry first under RUN and Startup.

•

Join Date: May 2005

Posts: 3,204

Reputation: gerbil will become famous soon enough

Solved Threads: 188

gerbil

Offline

Nearly a Senior Poster

Re: Iexplore.exe keeps opening by itself

Sep 23rd, 2007

Hmmm, that rather looks like a Lop infection there - it's pretty pesky adware. These two entries point it out:

O4 - HKLM\..\Run: [axis web cake second] C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\USER PURE.exe
O4 - HKCU\..\Run: [MediaProxy] C:\DOCUME~1\MR7D46~1.DEM\APPLIC~1\MAPIMA~1\INTERNET ARMY MFCD.exe

Best to use the proper tool, and then follow up with a clean and general adware/spyware scan.
==Download NoLop from the link on this page; follow the instructions given. Post the report C:\NoLop.log.
http://www.thespykiller.co.uk/index....pmod;dl=item16
==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5
or here.. http://free.grisoft.com/freeweb.php/...i-spyware-free
-Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file. Post the log file.
That lot should do it. Don't try to just fix those two entries above manually.

Last edited by gerbil; Sep 23rd, 2007 at 10:45 pm.

Deep, deep in the woods, but walking about.

•

Join Date: Sep 2007

Posts: 3

Reputation: Chromedragon is an unknown quantity at this point

Solved Threads: 0

Chromedragon Chromedragon is offline

Offline

Newbie Poster

Re: Iexplore.exe keeps opening by itself

Sep 24th, 2007

Here is the nolop log.

NoLop! Log by Skate_Punk_21

Fix running from: C:\Program Files\Mozilla Firefox
[9/24/2007]
[10:51:55 AM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\B4A00DC2820B8C3A.job

Beginning Removal...
Rebooting...

Beginning Removal...
Rebooting...

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Nero
C:\Documents and Settings\All Users\Application Data\Pure Networks
C:\Documents and Settings\All Users\Application Data\That Amen Second Book -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Trans Cake Up Flap
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Winzip -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Mr. Demo\Application Data\Adobe
C:\Documents and Settings\Mr. Demo\Application Data\Ahead
C:\Documents and Settings\Mr. Demo\Application Data\Animo
C:\Documents and Settings\Mr. Demo\Application Data\Apple Computer
C:\Documents and Settings\Mr. Demo\Application Data\Azureus
C:\Documents and Settings\Mr. Demo\Application Data\Divx
C:\Documents and Settings\Mr. Demo\Application Data\Dvdcss
C:\Documents and Settings\Mr. Demo\Application Data\Identities
C:\Documents and Settings\Mr. Demo\Application Data\Lavasoft
C:\Documents and Settings\Mr. Demo\Application Data\Macromedia
C:\Documents and Settings\Mr. Demo\Application Data\Mapimaildart
C:\Documents and Settings\Mr. Demo\Application Data\Media Player Classic
C:\Documents and Settings\Mr. Demo\Application Data\Microsoft
C:\Documents and Settings\Mr. Demo\Application Data\Mozilla
C:\Documents and Settings\Mr. Demo\Application Data\Real
C:\Documents and Settings\Mr. Demo\Application Data\Sun
C:\Documents and Settings\Mr. Demo\Application Data\Thumbsplus -- EMPTY Directory
C:\Documents and Settings\Mr. Demo\Application Data\Vlc
C:\Documents and Settings\Networkservice\Application Data\Microsoft

And the AVG file

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:43:19 AM 9/24/2007

+ Scan result:

:mozilla.387:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.100:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.101:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.102:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.103:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.104:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.425:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.610:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.687:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.799:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.87:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.89:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.95:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.96:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.97:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.99:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.458:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.459:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.460:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.198:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.199:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.334:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.338:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.339:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.340:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.341:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.342:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.343:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.344:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.345:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.346:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.306:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.307:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.308:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.309:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.310:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.7:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.607:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.644:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.647:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.649:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.113:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.114:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.115:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.116:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.117:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.119:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.121:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.122:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.123:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.124:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.125:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.126:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.823:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.824:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.188:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.427:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.428:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.429:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.118:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.120:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.502:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.509:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.629:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.462:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.463:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.464:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.465:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.467:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.468:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.469:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.423:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.535:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.538:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.728:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.758:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.761:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.375:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.378:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.379:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.380:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.482:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.525:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.560:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.561:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.562:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.563:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.626:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.670:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.673:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.442:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.443:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.784:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.628:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.580:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.293:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.294:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.213:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.832:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.834:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.586:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.215:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.395:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.396:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.397:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.398:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.399:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.400:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.401:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.402:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.403:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.605:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.606:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.782:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.783:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.150:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.151:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.152:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.153:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.154:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.155:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.156:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.157:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.158:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.159:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.160:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.161:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.162:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.163:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.164:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.165:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.166:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.167:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.168:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.169:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.170:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.171:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.37:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.38:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.39:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.40:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.41:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.42:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.352:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.353:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.354:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.355:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.356:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.357:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.358:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.359:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.360:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.361:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.362:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.363:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.643:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.645:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.646:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.648:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.202:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.688:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.453:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.674:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.696:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.697:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.267:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.268:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.269:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.270:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.271:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.272:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.273:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.274:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.275:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.276:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.172:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.183:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.184:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.185:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.186:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.187:C:\Documents and Settings\Mr. Demo\Application Data\Mozilla\Firefox\Profiles\fkilruaf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\All Users\Application Data\Trans Cake Up Flap\Plan Help.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\Documents and Settings\Mr. Demo\Application Data\mapimaildart\deqfawec.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B7CDFF46-974E-4A52-8F10-62341E9042F5}\RP157\A0022469.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B7CDFF46-974E-4A52-8F10-62341E9042F5}\RP182\A0025459.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).

::Report end

•

Join Date: May 2005

Posts: 3,204

Reputation: gerbil will become famous soon enough

Solved Threads: 188

gerbil

Offline

Nearly a Senior Poster

Re: Iexplore.exe keeps opening by itself

Sep 24th, 2007

Could you post a fresh hijackthis log also, please, with your comments?
Oh, and in CCLeaner, if you are going to keep it, and may I suggest that you do... go Cleaner button, Apps tab, under FF pls check Cookies at least.. other choices are up to you...

These are the relevant entries in that AVG listing:
C:\Documents and Settings\All Users\Application Data\Trans Cake Up Flap\Plan Help.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\Documents and Settings\Mr. Demo\Application Data\mapimaildart\deqfawec.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B7CDFF46-974E-4A52-8F10-62341E9042F5}\RP157\A0022469.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B7CDFF46-974E-4A52-8F10-62341E9042F5}\RP182\A0025459.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).

IN AVG AS empty the quarantine bin.
System Restore Points Clearance:
==You SHOULD clear all your system restore points because some have been infected.... AVG may have cleaned them, but we cannot be sure it found everything. So go control panel > system > system restore tab, check Turn off sys res on all drives, Apply and OK. Do it all again but uncheck that box, Apply and OK.
[[a quick way in is Start > run, paste: control sysdm.cpl,,4 -and OK]]
Now make a fresh, clean restore point: Start > programs > accessories > system tools > system restore and create a restore point now!!

Last edited by gerbil; Sep 24th, 2007 at 10:53 pm.

Deep, deep in the woods, but walking about.

•

Join Date: Oct 2008

Posts: 2

Reputation: stickman3486 is an unknown quantity at this point

Solved Threads: 0

stickman3486 stickman3486 is offline

Offline

Newbie Poster

Re: Iexplore.exe keeps opening by itself

Oct 15th, 2008

•

Originally Posted by gerbil

Hmmm, that rather looks like a Lop infection there - it's pretty pesky adware. These two entries point it out:

O4 - HKLM\..\Run: [axis web cake second] C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\USER PURE.exe
O4 - HKCU\..\Run: [MediaProxy] C:\DOCUME~1\MR7D46~1.DEM\APPLIC~1\MAPIMA~1\INTERNET ARMY MFCD.exe

Best to use the proper tool, and then follow up with a clean and general adware/spyware scan.
==Download NoLop from the link on this page; follow the instructions given. Post the report C:\NoLop.log.
http://www.thespykiller.co.uk/index....pmod;dl=item16
==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5
or here.. http://free.grisoft.com/freeweb.php/...i-spyware-free
-Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file. Post the log file.
That lot should do it. Don't try to just fix those two entries above manually.

This is a first time on the forum. Hopefully you'll be able to help...I believe I have the same problem. I downloaded HijackThis v1.99.1 and this is the report it gave me. Maybe you could give me a hand also!

•

Join Date: Oct 2008

Posts: 2

Reputation: stickman3486 is an unknown quantity at this point

Solved Threads: 0

stickman3486 stickman3486 is offline

Offline

Newbie Poster

Re: Iexplore.exe keeps opening by itself

Oct 15th, 2008

Logfile of HijackThis v1.99.1
Scan saved at 5:12:44 AM, on 10/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\WIN40\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\WIN40\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Steve\Desktop\HijackThis_199.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {A9D68F80-DA57-4096-B412-5FB8B0AF0758} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
O2 - BHO: 215651 helper - {0BC5E8C9-6EFF-4976-9A3C-D74148442CE7} - C:\WINDOWS\system32\215651\215651.dll (file missing)
O2 - BHO: - {15DD8797-E994-4D8F-BCDE-6B3E3BE4C3B1} - blank (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: gootbl2 - {435adc46-dcab-4593-92c8-25d2befceab7} - C:\WINDOWS\system32\mipinu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - blank (file missing)
O3 - Toolbar: mSpace Toolbar - {ED46E61C-C391-49ED-82F8-A3DCAA44671F} - blank (file missing)
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\5.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [vrsden] C:\WINDOWS\system32\vrsden.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\vision~1\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [d50c20abe774] C:\WINDOWS\System32\cnvfat50.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [03dbc308a012] C:\WINDOWS\System32\cnvfat56.exe
O4 - HKLM\..\Run: [03491418.exe] C:\WINDOWS\system32\03491418.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [lphc13kj0e351] C:\WINDOWS\system32\lphc13kj0e351.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Thaa] "C:\WINDOWS\CROSOF~1.NET\dllhost.exe" -vt ndrv
O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKCU\..\Run: [prqtect] C:\WINDOWS\System32\prqtect.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\VISION~1\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Ityhd] C:\PROGRA~1\COMMON~1\DOBE~1\wowexec.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [33350ae8.exe] C:\Documents and Settings\Steve\Local Settings\Application Data\33350ae8.exe
O4 - HKCU\..\Run: [user16] C:\WINDOWS\system32\winhlp.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: mSpace Toolbar - {ED46E61C-C391-49ED-82F8-A3DCAA44671F} - blank (file missing)
O9 - Extra 'Tools' menuitem: mSpace Toolbar - {ED46E61C-C391-49ED-82F8-A3DCAA44671F} - blank (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.co...x/HMAtchmt.ocx
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: nslookup.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O20 - Winlogon Notify: xdhamcog - C:\WINDOWS\SYSTEM32\xdhamcog32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\WIN40\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)